The Latest in IT Security

Major security hole found in popular login protocols – and it won’t be fixed anytime soon

02
May
2014

Following the major Heartbleed security issue that affected millions of websites, a different vulnerability has been discovered that could have allowed hackers to steal certain personal data from users. CNET reports that a security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites. Dubbed “Covert Redirect,” the exploit masquerades as a login pop-up based on an affected site’s domain, which would easily fool unsuspecting Internet users. “For example, someone clicking on a malicious phishing link will get a pop-up window in Facebook, asking them to authorize the app,” the publication writes. “Instead of using a fake domain name that’s similar to trick users, the Covert Redirect flaw uses the

Related posts:
  1. Popular login services have a security hole, but Facebook and Microsoft can’t fix it
  2. Major security flaw discovered in Android
  3. Microsoft won’t leave XP out of today’s major Internet Explorer security update
  4. Russian hackers have stolen an astonishing 1.2 billion login credentials
  5. How to tell if any of your accounts have been hacked

Tags:  
Written by Yahoo
0 Comments
Comments are closed.

Categories

THURSDAY, APRIL 25, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments