Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
May 3, 2014
Chris
Login, Security
Comments Off on Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

PreviousNext

Just a short notice rather than a real article, full story later (I need to check the facts): Several sources are posting about a recently discovered hard-to-fix bug in the extremely popular open-source authentication libraries/services OAuth and OpenID, used by lots of AAA-level sites, from PayPal to Facebook.

 

Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You
(german) zdnet – Schwere Sicherheitslücke in OAuth und OpenID entdeckt


Huge info-page by Wang Jing, the guy who has discovered the bug:
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproduceable examples (on Facebook, LinkedIn and Google):
https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproduceable examples (taken from the above YouTube channel)

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0

 

Share this

Frontend Ops Conf 2014 – Paul Irish: Delivering The Goods In Under 1000ms (40min video)

https://www.youtube.com/watch?v=E5lZ12Z889k

composer

A short & simple Composer tutorial

In this little Composer tutorial we’ll walk through the absolute basics of Composer, the PHP dependency management tool. Composer has

New project: Building a naked PHP skeleton / boilerplate application from scratch

[This post is from November 2013. In the meantime (I’m writing this in November 2014) the project has changed its

times-new-roman

The Times talks about Times New Roman (3min video)

A sweet little video, made by The Times, about Times New Roman. No real information here, but nice to look.

forbes 30 under 30

Need motivation ? Check out these 2 awesome “FORBES 30 under 30” lists (web, UI, games)

The FORBES magazine has just published the new “30 under 30” lists, and they are really really interesting! Lots of

Awesome next-gen PS4 graphics in “The Order: 1886”

We are entering a very interesting time: The differences between cinematic movies and video games are getting lesser and lesser.

Berlin, prepare for TOA conference (15th – 17th of July)

If you are in Berlin right now (and have 80-300 € to spend and 2-3 days of holidays (or “spontanious

Increase your HTML / CSS coding speed with EMMET

Codeninja.com just published a very interesting article about the excellent free code-completion/code-generation tool EMMET, which allows you to create huge

Beautiful, minimal WordPress theme ZUKI by Elmastudio (with 30% discount)

First a little disclaimer: I’m not affiliated with the company, don’t get money (or anything else) for saying this and

php

How the PHP session garbage collector really works

Sessions in PHP are easy to handle, but have a tricky configuration underneath. The common opinion is, that when you

1/4

Categories

Search

php
Redesigning the PHP logo – who wants ?
php uk conference
Profiling PHP Applications by Bastian Hofmann (video from PHP UK Conference 2014)
How to install/setup latest version of PHPMyAdmin on Ubuntu 12.04 LTS (Precise Pangolin)
Bézier Curves – Under the Hood (4min video)
php uk conference
PHP Caching Best Practices by Eli White (video from PHP UK Conference 2014)
composer
How to install Composer on Windows 7 / 8 or Ubuntu
digitalocean coupon
DigitalOcean VPS coupon codes for december 2013 and early 2014
cheap cloud server php
DigitalOcean rolls out interesting feature: Transfering server snapshots directly to the client’s account
unreal-4-engine
Tim Sweeney talks about the future of game graphics (and which hardware we need to “clone” reality)
composer
A short & simple Composer tutorial
increase-your-pagespeed-score
Increase your PageSpeed score (10min video with Matt Gaunt)
Frontend Ops Conf 2014 – Sarah Goff-Dupont: Git, Continuous Integration and Making It Pretty (31min video)
vagrant
A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 13.10 (Saucy Salamander)
hiphop php
Vote for “Hack” for HipHop/HHMV support (future style PHP) in PHPStorm 8
laracon-2014-eu-amsterdam
Laracon 2013 – Jordi Boggiano: In Depth Composer (47min video)

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy