
    Facebook, Google, Twitter and thousands more websites’ Login Protocols Hacked – There is not any FIX for that!

    By Vikram Singh Rao, June 7, 2017

    After the world’s biggest data breach, ‘Heartbleed,’ a different vulnerability has been discovered that could have allowed hackers to attack and steal your personal data.

    A security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites, CNET reports.
    This flaw, dubbed “Covert Redirect,” reaches users through a login pop-up based on the affected site’s domain. Today, in most cases, we use such login pop-ups: if we want to log in to a website through Facebook, a pop-up usually opens for OAuth authentication.

    Most Important:
    This flaw is not like phishing, where you can protect yourself by watching the URL carefully: “Instead of using a Fake domain name, Covert Redirect flaw uses the real site address for authentication.”
    Authorising the app will transfer your data to the attacker instead of reaching a legitimate site like Facebook or Google. Thus, personal data including email addresses, birth dates, contact lists and even control of the account could be given to hackers.

    How to protect yourself?
    You must close any of the suspicious-looking tabs that pop up demanding login credentials for Facebook, Google, Twitter, or any other Internet Services that use these open-source protocols.
    The Covert Redirect exploit was discovered by Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, who has already contacted Facebook about it. However, Facebook told him that while it “understood the risks associated with OAuth 2.0,” fixing the bug is “something that can’t be accomplished in the short-term.” “Short of forcing every single application on the platform to use a whitelist,” a simple fix isn’t available.
    Wang also contacted other popular sites such as Google, Microsoft and LinkedIn, and each gave him a different answer.

    Google: The matter was being tracked.
    LinkedIn: It would publicly address the issue in a blog post.
    Microsoft: It completed an investigation into the matter, and the security flaw was found on a third-party site, not on one of its own.

    WhiteHat Security founder and interim CEO Jeremiah Grossman agreed with Wang’s findings, but also with what Internet companies told him.

    “While I can’t be 100 percent certain, I could have sworn I’ve seen a report of a very similar if not identical vulnerability in OAuth. It would appear this issue is essentially a known WONTFIX,” Grossman said. “This is to say, it’s not easy to fix, and any effective remedies would negatively impact the user experience. Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws.”
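
The whitelist Facebook refers to is a per-application list of allowed redirect addresses. As an added example (not code from the article or from any of the companies named), this sketch compares a domain-only check with exact-match validation of the OAuth `redirect_uri` parameter; the client ID, registration table and URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical registration table: client_id -> exact redirect URIs (constructed values).
REGISTERED_REDIRECTS = {
    "client-123": {"https://client.example/oauth/callback"},
}


def domain_only_check(client_id, redirect_uri):
    """Weak policy: accept any URL whose host matches a registered host."""
    hosts = {urlsplit(u).hostname for u in REGISTERED_REDIRECTS.get(client_id, ())}
    return urlsplit(redirect_uri).hostname in hosts


def exact_match_check(client_id, redirect_uri):
    """Whitelist policy: accept only an exactly registered https URI."""
    parts = urlsplit(redirect_uri)
    # Reject non-https, fragments and embedded credentials before the lookup.
    if parts.scheme != "https" or parts.fragment or parts.username or parts.password:
        return False
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


def audit(client_id, candidates):
    """Return the URIs the weak policy accepts but the whitelist rejects."""
    return [u for u in candidates
            if domain_only_check(client_id, u) and not exact_match_check(client_id, u)]


# Constructed redirect_uri values as they might appear in authorization requests.
SAMPLES = [
    "https://client.example/oauth/callback",                 # registered
    "https://client.example/go?url=https://other.example/",  # real domain, other page
    "https://client.example/oauth/callback/../../go",        # path trick on real domain
    "https://other.example/oauth/callback",                  # different domain
    "http://client.example/oauth/callback",                  # downgraded scheme
]

if __name__ == "__main__":
    for uri in audit("client-123", SAMPLES):
        print("accepted by domain check only:", uri)
```

Every URI the audit reports sits on the client’s real domain, which is why inspecting the address bar does not help the user and why the check has to be enforced by the provider for each registered application.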

     
