
computer pitch

~ Computer Technology, News, Security …


Tag Archives: OAuth 2.0

Singapore Student Discovers Serious Vulnerability in OAuth and OpenID

21 Tuesday Oct 2014

Posted by essaybeans in IT Security, Web Security


Tags

0-day, Covert Redirect, Internet, Singapore, hacker, attack, white hats, defense, intelligence, research, cyber, computer, mathematics, flaw, bug, covert redirection, crime, application, problem, IT news, jing wang, justqdjing, website, vulnerability, phishing, OAuth 2.0, OpenID, tetraph, URL redirection

OAuth and OpenID are very popular protocols that are used together for authorization and authentication. An OAuth application generates tokens for clients, while OpenID provides decentralized authentication on third-party sites, disclosing users' personal data.


Wang Jing, a student in the mathematics department of Nanyang Technological University in Singapore, found a way for an attacker to intercept users' personal data by redirecting them to a malicious site after authorization. The vulnerability is of the covert redirect type, named by analogy with the well-known open redirect attack.






In this case the provider (Facebook, Google, etc.) sees that the information is being requested by a legitimate application, but in reality the user is covertly sent to another site because the value of redirect_uri in the URL has been replaced.






The vulnerability affects many major sites, such as Facebook, Google, Yahoo, LinkedIn, Microsoft, VK, Mail.Ru, PayPal, GitHub and others. All of them hand over the user's personal data at the attacker's request. In the case of Facebook this can be the first name, last name, mail address, age, place of residence, place of work, etc.







Incidentally, open redirect is among the top 10 attacks of 2013 according to OWASP.


Wang Jing has published a video in which he demonstrates how the vulnerability is exploited, using Facebook OAuth 2.0 as the example. According to him, the only protection against such attacks is a “whitelist” of sites allowed for redirects.
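
The whitelist defense seen from the provider side, as an added example that is not code from the original article or from any provider it names: an authorization endpoint that honors redirect_uri only when it exactly equals a URI the client registered, compared with a weaker host-only check. The client name, URIs and function names are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registry (hypothetical client and URI): each client registers
# the exact callback URIs it will ever use.
REGISTERED_REDIRECTS = {
    "forum-app": frozenset({"https://forum.example/oauth/callback"}),
}


def domain_only_check(client_id: str, redirect_uri: str) -> bool:
    """Weak policy: accept any URL whose host matches a registered callback."""
    allowed_hosts = {
        urlsplit(uri).hostname for uri in REGISTERED_REDIRECTS.get(client_id, ())
    }
    try:
        return urlsplit(redirect_uri).hostname in allowed_hosts
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False


def exact_match_check(client_id: str, redirect_uri: str) -> bool:
    """Whitelist policy: the full URI string must equal a registered one."""
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, frozenset())


def authorize(query_string: str, check=exact_match_check):
    """Return ("redirect", uri) or ("error_page", reason) for a request."""
    params = parse_qs(query_string, keep_blank_values=True)
    client_ids = params.get("client_id", [])
    redirect_uris = params.get("redirect_uri", [])
    # Missing or repeated parameters are ambiguous: refuse rather than guess.
    if len(client_ids) != 1 or len(redirect_uris) != 1:
        return ("error_page", "missing or duplicated parameter")
    client_id, redirect_uri = client_ids[0], redirect_uris[0]
    if client_id not in REGISTERED_REDIRECTS:
        return ("error_page", "unknown client")
    if not check(client_id, redirect_uri):
        # Never send the browser to the rejected URI; show the error locally.
        return ("error_page", "redirect_uri not registered")
    return ("redirect", redirect_uri)


def request(client_id: str, redirect_uri: str) -> str:
    """Build the query string of an authorization request (constructed input)."""
    return urlencode(
        {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri}
    )


# Constructed sample requests, labelled by what was changed in redirect_uri.
SAMPLE_REQUESTS = {
    "registered callback": request("forum-app", "https://forum.example/oauth/callback"),
    "other page on client host": request("forum-app", "https://forum.example/some/other/page"),
    "different host": request("forum-app", "https://elsewhere.example/oauth/callback"),
    "http downgrade": request("forum-app", "http://forum.example/oauth/callback"),
}


def compare_policies():
    """Map each sample to (outcome under host-only check, outcome under exact match)."""
    return {
        label: (authorize(qs, domain_only_check)[0], authorize(qs, exact_match_check)[0])
        for label, qs in SAMPLE_REQUESTS.items()
    }


if __name__ == "__main__":
    for label, (weak, strict) in compare_policies().items():
        print(f"{label:28} host-only={weak:10} exact-match={strict}")
```

The host-only policy still redirects to any page on the client's host, which is why the comparison is against full registered URIs rather than domains.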


Source:
http://xakep.ru/62448/





 

 

Keep Calm and Be Careful: OpenID and OAuth Are Vulnerable

28 Sunday Sep 2014

Posted by essaybeans in IT Security, Web Security


Tags

0-day, application, attack, white-hat, bug, computer, cyber, diebiyi, defense, flaw, hacker, phishing, redirection, intelligence, internet, inzeed, IT News, justqdjing, crime, research, vulnerability, URL, mathematics, OAuth 2.0, OpenID, problem, covert redirection, singapore, website, tetraph, web


Just a couple of weeks after the worrying bug known as Heartbleed, an ordinary Internet user like you and me has discovered a new and apparently widespread vulnerability, and this one is not easy to fix either. It is the “Covert redirection” bug, recently discovered by Wang Jing, a doctoral student in mathematics at Nanyang Technological University in Singapore. The problem was found in the popular Internet protocols OpenID and OAuth. The first protocol is used when you try to log in to a website using credentials already created for Google, Facebook or LinkedIn services. The second is used when you authorize a website, an app or certain services with Facebook, Google+, etc., without actually revealing your password and credentials to external sites. These two methods are often used together and, it appears, could allow cybercriminals to get their hands on users' information.

http://tetraph.lofter.com/post/1cc758e0_4215608

Covert Redirect Threatens OAuth 2.0 and OpenID

25 Monday Aug 2014

Posted by essaybeans in IT Security, Web Security


Tags

0-day, application, bug, defect, Covert Redirect, cyber, diebiyi, hacker, internet, inzeed, IT News, justqdjing, intelligence, crime, vulnerability, computer, problem, mathematics, OAuth 2.0, OpenID, research, redirection, defense, Phishing, white-hat


Last Friday, Wang Jing, a PhD student at Nanyang Technological University in Singapore, published a report describing an attack method called “Covert Redirect” and presented it as a vulnerability in OAuth 2.0 and OpenID.
 
 
OAuth 2.0 and OpenID work by giving users of these services a way to let a domain gain access using credentials that already exist at other websites such as Facebook, Google, Microsoft or LinkedIn. With the access obtained, users of these services can delete an account and replace it with a new one.

 

http://www.inzeed.com/kaleidoscope/computer-security/covert-redirect-mengancam-oauth-2-0-dan-openid/

Security Bug: Facebook and Google Login Insecure, Covert Redirect

19 Tuesday Aug 2014

Posted by essaybeans in IT Security, Web Security


Tags

0-day, attack, application, computer, Covert Redirect, cyber, bug, research, hacker, intelligence, internet, IT News, jing wang, justqdjing, crime, mathematics, net, OAuth 2.0, OpenID, Phishing, problem, Singapore, tetraph, redirection, URL, covert redirect, vulnerability, defense, website, white-hat


The next bombshell after the OpenSSL bug: the very widely used login protocols OpenID and OAuth 2.0 have a security hole through which attackers can get at users' confidential data. This was discovered by Wang Jing, a student at Nanyang Technological University in Singapore. Various large web services that rely on these protocols are affected, for example Google, Facebook, Microsoft and PayPal.


Security risk: logins via Facebook or Google are open to attack

OpenID and OAuth, open-source applications like OpenSSL, serve as a login method for web services and apps. Users can use them to register with a service through an existing account (for instance from Facebook or Google) without having to create a separate user account there. Signing in to Facebook apps works in a similar way. In both cases the user has the advantage that their login details stay with Google or Facebook, so the new service receives neither the e-mail address nor the password.

http://xingzhehong.lofter.com/post/1cfd0db2_55b5016

The Problems Continue: OAuth and OpenID Are Also Vulnerable, Covert Redirect

18 Friday Jul 2014

Posted by essaybeans in IT Security, Web Security


Tags

0-day, application, attack, white-hat, cyber, Covert Redirect, flaw, defense, crime, phishing, hacker, engineering, bug, intelligence, internet, IT News, jing wang, justqdjing, research, vulnerability, mathematics, OAuth 2.0, OpenID, computer, problem, redirection, covert redirection, Singapore, website, web, tetraph, URL

A new security flaw threatens the Internet. This one is called Covert Redirect, and it was discovered by a Chinese student in Singapore.

 


 

While the echoes of Heartbleed and the earthquake that shook the net are still ringing, we have just learned that another security breach is compromising the Internet. This time it is a flaw that affects sites such as Google, Facebook, Microsoft, LinkedIn, Yahoo, PayPal, GitHub and Mail.ru, which use these open-source tools to authenticate their users.

 

This bug would allow an attacker to make a user believe that a new window redirecting to Facebook is safe when in fact it is not. Up to this point the technique resembles phishing, but what makes it different is that Covert Redirect, as the new exploit is called, uses the real domain but bypasses the server to obtain the information. The best thing we can do when we are browsing and click on a site that opens a pop-up asking us to log in to Facebook or Google is to close that window, to avoid being redirected to suspicious sites.

 

Wang Jing, a doctoral student at Nanyang Technological University (Singapore), is the one who discovered the vulnerability and gave it its name. The problem, according to Jing, is that neither the provider nor the company wants to take responsibility for this breach, since fixing it would cost a lot of time and money. Now that the case is known, the companies will surely get to work.

 

 

 


Security Flaw Found in OAuth and OpenID Login Systems, Major Websites Affected Across the Board, Covert Redirect

15 Sunday Jun 2014

Posted by essaybeans in IT Security, Web Security


Tags

0Day, research, covert redirection, defect, error, mathematics, computer, gap, intelligence, problem, defense, phishing, Singapore, white, hat, crime, web, website, application, hacker, attack, hole, cyber, IT news, internet, justqdjing, OAuth 2.0, OpenID, tetraph, URL redirection, wang Jing


Wang Jing, a PhD student at Nanyang Technology University in Singapore, has announced the discovery of a flaw in the OAuth 2.0 and OpenID login systems that affects a large number of well-known websites.


Jing calls this flaw “Covert Redirect” because it relies on the fact that both login systems authenticate the user and then redirect to the destination website, but do not properly check the destination website first. The redirect can therefore be forged to point to the attacker's website instead (and the attacking website will receive personal data from the originating website, depending on the permissions the user has granted).

http://biboying.lofter.com/post/1cc9f4f5_43973bc

Another Heartbleed? Flaws Found in Web Security, Covert Redirect

09 Monday Jun 2014

Posted by essaybeans in IT Security, Web Security


Tags

0Day, research, crime redirect, application, internet, computer, mathematics, covert, risk, flaw, phishing, bug, intelligence, IT news, URL redirection, defense, web, website, white hat, problem, cyber, Singapore, attack, hacker, diebiyi, inzeed, jing wang, justqdjing, OAuth 2.0, OpenID, tetraph


While the Internet is still struggling with the Heartbleed bug, a major new vulnerability has been discovered in the security protocols OAuth 2.0 and OpenID.


Wang Jing, a PhD student at Nanyang Technological University in Singapore, spotted a bug that allows hackers to use phishing techniques to try to steal login information without users knowing.

The bug essentially allows cybercriminals to use a real website's authentication to power a phishing pop-up, instead of the more common tactic of faking a domain. In the process, hackers would obtain the user's login credentials.

http://essayjeans.lofter.com/post/1cc7459a_43bf99e

Security Flaw Affects Facebook, Google and Microsoft Logins

27 Tuesday May 2014

Posted by essaybeans in 0day, Hacker Tech


Tags

0-day, research, application, attack, computer, Covert Redirect, crime, cyber, defense, engineering, error, flaw, hacker, intelligence, internet, jing wang, justqdjing, mathematics, IT News, OAuth 2.0, OpenID, Phishing, problem, redirection, covert redirection, singapore, tetraph, URL, vulnerability, web, website, white-hat


A PhD student from Singapore, Wang Jing, identified the flaw, called “Covert Redirect”, which manages to use the real domains of websites to validate fake login pages, deceiving Internet users.

 

Cybercriminals can create malicious links that open Facebook pop-up windows asking for the application in question to be authorized. If this synchronization is carried out, the users' personal data will be passed to the hackers.

 

Wang says he has already contacted Facebook, but received a reply that it “understands the risks of being associated with OAuth 2.0” and that fixing the flaw “is something that cannot be done for now”.

 

Google said the problem is being tracked, LinkedIn published a note stating that it has already taken measures to prevent the flaw from being exploited, and Microsoft denied that there was any vulnerability in its own pages, saying it exists only in those of third parties.

 

The flaw's discoverer recommends that Internet users avoid logging in with Facebook, Google or any other service's confirmation credentials unless they are completely sure they are in a secure environment.

 

 

Experts: the bug is hard to fix

The site CNET spoke to two computer security experts about the matter. Jeremiah Grossman, founder and interim CEO of WhiteHat Security, says the flaw is “not easy to fix”. According to Chris Wysopal, director at Veracode, the flaw can fool a lot of people.

 

“The trust users place in Facebook and other services that use OAuth can make it easier for hackers to trick people into ending up handing over their personal information to them,” says Wysopal.

 

 

 


Covert Redirect Flaw Emerges, a Copy of “Heartbleed”

19 Monday May 2014

Posted by essaybeans in IT Security, Web Security


Tags

0Day, application, redirection, covert redirection, vulnerable, diebiyi, hacker, internet, inzeed, IT News, jing wang, justqdjing, vulnerability, bug, phishing, computer, network, white hat, research, OAuth 2.0, OpenID, defense, singapore, intelligence, attack, crime, tetraph, mathematics, website, URL, problem, web


A doctoral student at Nanyang Technological University (Singapore) has just discovered a security flaw in open-source software that is used by a great many websites. The latest information indicates that the flaw affects Google, Facebook, Microsoft, LinkedIn, PayPal and a number of other large companies.


Wang Jing, a PhD student at Nanyang Technological University, is the person who discovered the flaw in the open-source login tools OAuth and OpenID. Wang Jing calls the flaw “Covert Redirect” (roughly, “secret redirection”). A hacker can plant malicious code hidden in the form of a pop-up window that appears when the user logs in to a vulnerable website. For example, when the user types in the Facebook address, a pop-up window appears asking for a username and password. If the user enters this information, it is “covertly redirected” to the hacker.

http://aibiyi.lofter.com/post/1cc9f4e9_4393862

Facebook, Google Users Threatened by New Security Flaw, Covert Redirect

06 Tuesday May 2014

Posted by essaybeans in Covert Redirect, Hacker Tech, Phishing, Privilege Escalation


Tags

0day Flaw, by New Security, Cnet, Covert Redirect, Exploit Attack, Facebook, Google, hacker-prevention, IT Technology, jing wang, Linkedin, Microsoft, OAuth 2.0, Open Source, OpenID, Phishing Model, Tomsguid, Users Threat, Web News, Yahoo


 

A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed “Covert Redirect” by its discoverer, exists in two open-source session-authorization protocols, OAuth 2.0 and OpenID.

 

Both standards are employed across the Internet to let users log into websites using their credentials from other sites, such as by logging into a Web forum using a Facebook or Twitter username and password instead of creating a new account just for that forum.

 

Attackers could exploit the flaw to disguise and launch phishing attempts from legitimate websites, said the flaw’s finder, Mathematics Ph.D. student Wang Jing of the Nanyang Technological University in Singapore.

 

Wang believes it’s unlikely that this flaw will be patched any time soon. He says neither the authentication companies (those with which users have an account, such as Google, Microsoft, Facebook, Twitter or LinkedIn, among others) nor the client companies (sites or apps whose users log in via an account from an authentication company) are taking responsibility for fixing the issue.

 

“The vulnerability is usually due to the existing weakness in the third-party websites,” Wang writes on his own blog. “However, they have little incentive to fix the problem.”

 

The biggest danger of Covert Redirect is that it could be used to conduct phishing attacks, in which cybercriminals seize login credentials, by using email messages containing links to malicious websites disguised as something their targets might want to visit.

 

Normal phishing attempts can be easy to spot, because the malicious page’s URL will usually be off by a couple of letters from that of the real site. The difference with Covert Redirect is that an attacker could use the real website instead by corrupting the site with a malicious login popup dialogue box.

 

For example, say you regularly visit a given forum (the client company), to which you log in using your credentials from Facebook (the authentication company). Facebook uses OAuth 2.0 to authenticate logins, so an attacker could put a corrupted Facebook login popup box on this forum.

 

If you sign in using that popup box, your Facebook data will be released to the attacker, not to the forum. This means the attacker could possibly gain access to your Facebook account, which he or she could use to spread more socially engineered attacks to your Facebook friends.

 

Covert Redirect could also be used in redirection attacks, which is when a link takes you to a different page than the one expected.

 

Wang told CNET authentication companies should create whitelists — pre-approved lists that block any not on it — of the client companies that are allowed to use OAuth and OpenID to redirect to them. But he said he had contacted a number of these authentication companies, who all shifted blame elsewhere.

 

Wang told CNET Facebook had told him it “understood the risks associated with OAuth 2.0” but that fixing the flaw would be “something that can’t be accomplished in the short term.” Google and LinkedIn allegedly told Wang they were looking into the issue, while Microsoft said the issue did not exist on its own sites.

 

Covert Redirect appears to exist in the implementations of the OpenID and OAuth standards used on client websites and apps. But because these two standards are open-source and were developed by a group of volunteers, there’s no company or dedicated team that could devote itself to fixing the issue.

 

 

Where does that leave things?

“Given the trust users put in Facebook and other major OAuth providers, I think it will be easy for attackers to trick people into giving some access to their personal information stored on those services,” Chris Wysopal, chief technology officer of Boston-area security firm Veracode and a member of the legendary 1990s hackerspace the L0pht, told CNET.

 

“It’s not easy to fix, and any effective remedies would negatively impact the user experience,” Jeremiah Grossman, founder of Santa Clara, Calif.-based WhiteHat Security, told CNET. “Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws.”

 

Users should be extra-wary of login popups on Web pages. If you wish to log into a given website, it might be better to use an account specific to that website instead of logging in with Facebook, Twitter, or another authentication company, which would require the use of OAuth and/or OpenID to do.

 

If you think someone has gained access to one of your online accounts, notify the service and change that account’s password immediately.

 

 

 

 

 


 

 

 

 

 
