Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

Covert Redirect Vulnerability

Covert Redirect occurs when an application takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation. This is often the result of a website's overconfidence in its partners. In other words, the Covert Redirect vulnerability exists because there is not sufficient validation of the redirected URLs that belong to the domain of the partners.

Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust

Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust – Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Web Security Vulnerabilities Domains: http://www.amazon.com “Amazon.com, Inc. (/ˈæməzɒn/ or /ˈæməzən/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in […]

Security flaw affects Facebook, Google and Microsoft logins

Security flaw affects Facebook, Google and Microsoft logins. After Heartbleed, a flaw in the OpenSSL protocol, serious vulnerabilities were found in the OAuth and OpenID login tools, which are used by a large share of major sites such as Facebook, Google and Microsoft. A PhD student from Singapore, Wang Jing, identified the flaw, called “Covert […]

Google Covert Redirect Web Security Bugs Based on Googleads.g.doubleclick.net

Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net – Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net (1) WebSite: google.com “Google is an American multinational technology company specializing in Internet-related services and products. These include online advertising technologies, search, cloud computing, and software. Most of its profits are derived from AdWords, an online […]

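The “Covert Redirect” vulnerability in OAuth and OpenID open-source login

According to Cnet, Wang Jing, a mathematics PhD student at Nanyang Technological University in Singapore, discovered the “Covert Redirect” vulnerability in OAuth and OpenID open-source login. Tencent QQ, Sina Weibo, Alibaba Taobao, Alipay, Sohu, NetEase, Renren, Kaixin, Amazon, Microsoft Live, WordPress, eBay, PayPal, Facebook, Google, Yahoo, LinkedIn, VK.com, Mail.Ru, Odnoklassniki.ru, GitHub and a large number of other well-known websites are affected. Hackers can use the vulnerability to “disguise” phishing sites, using links from well-known large websites to lure users into logging in to a phishing site; once a user visits the phishing site and successfully logs in and grants authorization, the hacker can read the private information the user has stored on the website. http://tech.ifeng.com/internet/detail_2014_05/03/36130721_0.shtml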

Security flaw affects Facebook, Google and Microsoft logins

A PhD student from Singapore, Wang Jing, identified the flaw, called “Covert Redirect”, which can use real site domains to verify fake login pages, deceiving internet users. Cybercriminals can create malicious links that open Facebook pop-up windows asking for the application in question to be authorized. If carried out […]

Vulnerabilities in “Log in with Facebook”-type buttons

Only a few weeks after the discovery of the Heartbleed bug, average users like you and me may have to worry about another very widespread problem that will not be easy to fix. It is the “Covert Redirect” bug recently disclosed by Wang Jing, a mathematics PhD student at Nanyang Technological University […]

Security hole found in OAuth 2.0 and OpenID

Wang Jing, a student at Nanyang Technological University in Singapore, has discovered another serious security hole following the disclosure of the OpenSSL Heartbleed leak, this time in the authentication methods OAuth 2.0 and OpenID. The security hole, named “Covert Redirect” (German: “Heimliche Umleitung”), allows attackers to foist a genuine-looking login screen on the user and thereby gain access to the data provided […]

Kaleidoscope - InZeed © 2015 Frontier Theme