The Latest in IT Security

Major security hole found in popular login protocols – and it won’t be fixed anytime soon

02
May
2014

Following the major Heartbleed security issue that affected millions of websites, a different vulnerability has been discovered that could have allowed hackers to steal certain personal data from users. CNET reports that a security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites. Dubbed “Covert Redirect,” the exploit masquerades as a login pop-up based on an affected site’s domain, which would easily fool unsuspecting Internet users. “For example, someone clicking on a malicious phishing link will get a pop-up window in Facebook, asking them to authorize the app,” the publication writes. “Instead of using a fake domain name that’s similar to trick users, the Covert Redirect flaw uses the

Comments are closed.

Categories

THURSDAY, JANUARY 23, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments