With ♥ from Berlin
May 3, 2014
Chris
Login, Security

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected


Just a short notice rather than a real article; the full story follows later (I need to check the facts). Several sources are reporting a recently discovered, hard-to-fix flaw (named "Covert Redirect" by its discoverer) in the extremely popular open authentication/authorization protocols OAuth 2.0 and OpenID, which are used by lots of AAA-level sites, from PayPal to Facebook. Note that OAuth and OpenID are protocols, not libraries: the weakness lies in how providers validate the redirect_uri parameter (accepting anything on a registered domain instead of an exact, pre-registered URI) combined with open redirects on the client sites. Together these let an attacker steer the authorization code or access token to a domain of his choosing. It is hard to fix because the cure is on two sides at once: providers must enforce exact-match redirect URIs, and every client site must get rid of its open redirects.
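As an added illustration (not code from the original post, nor from Wang Jing's material), here is what the provider-side check looks like in PHP: the weak host-level match that the covert redirect attack exploits, beside a strict exact-match check. The client registry, the client id and the URIs are hypothetical and constructed for this example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. The client registry below
// is hypothetical: a real provider would load it from its database instead.
const REGISTERED_CLIENTS = [
    'client-123' => [
        'https://app.example.com/oauth/callback',
        'https://app.example.com/oauth/callback-mobile',
    ],
];

/**
 * Weak check: accepts any redirect_uri on a registered host.
 * One open redirect anywhere on that host is enough to send the
 * authorization code (or, with response_type=token, the access token)
 * to an attacker-controlled site: that is the covert redirect problem.
 */
function hostOnlyRedirectUriAllowed(string $clientId, string $redirectUri): bool
{
    $host = parse_url($redirectUri, PHP_URL_HOST);
    if (!is_string($host)) {
        return false;
    }
    foreach (REGISTERED_CLIENTS[$clientId] ?? [] as $registered) {
        if ($host === parse_url($registered, PHP_URL_HOST)) {
            return true;
        }
    }
    return false;
}

/**
 * Strict check: scheme, host, port and path must equal a registered URI
 * exactly, and a query string or fragment in the request is rejected.
 */
function exactRedirectUriAllowed(string $clientId, string $redirectUri): bool
{
    $p = parse_url($redirectUri);
    if ($p === false || isset($p['query']) || isset($p['fragment'])) {
        return false;
    }
    foreach (REGISTERED_CLIENTS[$clientId] ?? [] as $registered) {
        $r = parse_url($registered);
        if (($p['scheme'] ?? null) === ($r['scheme'] ?? null)
            && ($p['host'] ?? null) === ($r['host'] ?? null)
            && ($p['port'] ?? null) === ($r['port'] ?? null)
            && ($p['path'] ?? '') === ($r['path'] ?? '')) {
            return true;
        }
    }
    return false;
}

// Constructed request: the attacker passes the client's own open redirect
// as redirect_uri, so the host matches but the real destination does not.
$attackerUri = 'https://app.example.com/redirect?to=https://attacker.example/';
$goodUri     = 'https://app.example.com/oauth/callback';

$checks = [
    'host-only' => 'hostOnlyRedirectUriAllowed',
    'exact'     => 'exactRedirectUriAllowed',
];
foreach ($checks as $name => $fn) {
    printf(
        "%-9s attacker: %s  legitimate: %s\n",
        $name,
        $fn('client-123', $attackerUri) ? 'allowed' : 'rejected',
        $fn('client-123', $goodUri) ? 'allowed' : 'rejected'
    );
}
```

The host-only variant lets the attacker's URI through while the exact variant rejects it and still accepts the legitimate callback. Exact matching of complete, pre-registered redirection URIs is what RFC 6749 (OAuth 2.0, section 3.1.2.2) already recommends; the second half of the fix, removing open redirects from the client sites, is outside the provider's control, which is why the problem is hard to fix.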

Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You

(German) zdnet – Schwere Sicherheitslücke in OAuth und OpenID entdeckt (Serious security vulnerability discovered in OAuth and OpenID)


Extensive info page by Wang Jing, the researcher who discovered the bug:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproducible examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproducible examples (taken from the above YouTube channel):

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0
