After the world’s biggest data breach, ‘Heartbleed,’ a different vulnerability has been discovered that could have allowed hackers to attack your personal data and steal it.
A security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites, CNET reports.
The flaw, dubbed “Covert Redirect,” affects users through a login pop-up based on the affected site’s domain. Such pop-ups are now common: when we log in to a website through Facebook, for example, a pop-up usually opens for OAuth authentication.
This flaw is unlike phishing, where you can protect yourself by checking the URL carefully: “Instead of using a fake domain name, Covert Redirect flaw uses the real site address for authentication.”
Authorising the app will transfer your data to the attacker instead of reaching a legitimate site like Facebook or Google. Thus, personal data including email addresses, birth dates, contact lists and even control of the account could be given to hackers.
How to protect yourself?
You must close any suspicious-looking tabs that pop up demanding login credentials for Facebook, Google, Twitter, or any other Internet services that use these open-source protocols.
The Covert Redirect exploit was discovered by Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, who has already contacted Facebook about it. However, Facebook told him that while it “understood the risks associated with OAuth 2.0,” fixing the bug is “something that can’t be accomplished in the short-term.” “Short of forcing every single application on the platform to use a whitelist,” a simple fix isn’t available.
Wang also contacted other popular sites like Google, Microsoft and LinkedIn, and each one gave him a different answer.
Google: The matter was being tracked.
LinkedIn: it would publicly address it in a blog post.
Microsoft: It completed an investigation into the matter, and the security flaw was discovered on a third-party site, not on one of its own.
WhiteHat Security founder and interim CEO Jeremiah Grossman agreed with Wang’s findings, but also with what Internet companies told him.
“While I can’t be 100 percent certain, I could have sworn I’ve seen a report of a very similar if not identical vulnerability in OAuth. It would appear this issue is essentially a known WONTFIX,” Grossman said. “This is to say, it’s not easy to fix, and any effective remedies would negatively impact the user experience. Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws.”
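The whitelist mentioned in Facebook's reply amounts to exact-match validation of the `redirect_uri` parameter against the URIs an application has registered. The sketch below is an added example, not code from the article or from any provider; the client ID, domains and function names are hypothetical, and it assumes the lax behaviour being replaced is host-only matching.

```python
from urllib.parse import urlsplit

# Constructed sample registration: client_id -> exact redirect URIs the
# application registered (hypothetical client and example domains).
REGISTERED_REDIRECTS = {
    "demo-client": {"https://app.example.com/oauth/callback"},
}


def weak_domain_check(client_id, redirect_uri):
    """Lax check (assumed 'before' state): any URL on a registered host passes."""
    hosts = {urlsplit(u).hostname for u in REGISTERED_REDIRECTS.get(client_id, ())}
    return urlsplit(redirect_uri).hostname in hosts


def strict_whitelist_check(client_id, redirect_uri):
    """Whitelist check: only an exact, pre-registered redirect URI passes."""
    parts = urlsplit(redirect_uri)
    # Explicit guards in case a non-https or fragment-bearing URI was ever
    # registered by mistake; the exact match below is the main control.
    if parts.scheme != "https" or parts.fragment or "@" in parts.netloc:
        return False
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


def audit(client_id, candidates):
    """Return (uri, weak_result, strict_result) for each candidate URI."""
    return [
        (u, weak_domain_check(client_id, u), strict_whitelist_check(client_id, u))
        for u in candidates
    ]


# Constructed requests: the registered callback, a different page on the
# real domain that forwards visitors elsewhere, and an unrelated host.
SAMPLES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com/go?url=https://other.example.net/",
    "https://other.example.net/oauth/callback",
]

if __name__ == "__main__":
    for uri, weak, strict in audit("demo-client", SAMPLES):
        print(f"weak={weak!s:5} strict={strict!s:5} {uri}")
```

The second sample is the case the article describes: the address is on the real site, so host-only matching accepts it, while the exact-match whitelist rejects it.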