Monthly Archives: August 2014

Falha de segurança afeta logins de Facebook, Google e Microsoft

Um estudante de PHD de Singapura, Wang Jing, identificou a falha, chamada de “Covert Redirect”, que consegue usar domínios reais de sites para verificação de páginas de login falsas, enganando os internautas.   Os cibercriminosos podem criar links maliciosos para … Continue reading

Posted in Hacker Exploit, IT Computer & Web | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

एक अन्य Heartbleed?वेब सुरक्षा में पाया दोषों, Covert Redirect

Originally posted on INZEED Business Information & Counsel:
एक अन्य Heartbleed?वेब सुरक्षा में पाया दोषों, Covert Redirect इंटरनेट अब भी Heartbleed बग से जूझ रहा है, जबकि सुरक्षा प्रोटोकॉल OAuth 2.0 और OpenID में एक प्रमुख नए भेद्यता खोज की गई है. सिंगापुर में नानयांग प्रौद्योगिकी विश्वविद्यालय की पीएचडी की छात्रा वांग जिंग हैकर्स उपयोगकर्ताओं को जानने के बिना प्रवेश जानकारी चोरी करने की कोशिश में फ़िशिंग तकनीक का उपयोग करने की अनुमति देता है कि एक बग देखा. बग अनिवार्य रूप से साइबर अपराधी के बजाय डोमेन faking के अधिक आम रणनीति का एक फ़िशिंग पॉपअप सत्ता में असली वेबसाइट प्रमाणीकरण का उपयोग करने की अनुमति देता है.इस प्रक्रिया में, हैकर्स उपयोगकर्ता के लॉगिन क्रेडेंशियल प्राप्त होगा. http://essayjeans.lofter.com/post/1cc7459a_43bf99e

Posted in Articles | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

하트블리드 이어 ‘오픈ID’와 ‘오쓰(OAuth)’서도 심각한 보안 결함

‘하트블리드(Heartbleed)’ 버그에 이어 가입자 인증 및 보안용 오픈소스 SW인 ‘오픈ID’와‘오쓰(OAuth)’에도 심각한 결함이 발견됐다고 씨넷, 벤처비트 등 매체들이 보도했다.   싱 가폴난양대학교에 재학중인 ‘왕 징(Wang Jing)’ 박사는 수 많은 웹사이트와 구글, 페이스북, 링크드인, MS, 페이팔 등에서 사용하고 있는 로그인 툴인 ‘OAuth’와‘오픈ID’에 … Continue reading

Posted in Hacker Exploit, Web Security | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Tencent QQ OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Tencent QQ OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)       (1) Domain: qq.com     “Tencent QQ, popularly known as QQ, is an instant messaging software service developed by Chinese company … Continue reading

Posted in 0Day, Covert Redirect, Website Testing | Tagged , , , , | Leave a comment

Sina Weibo OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Sina Weibo OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)     (1) Domain: weibo.com     “Sina Weibo (NASDAQ: WB) is a Chinese microblogging (weibo) website. Akin to a hybrid of Twitter and … Continue reading

Posted in 0Day, Covert Redirect, Website Testing | Tagged , , , , , , , , , | Leave a comment