Guardian Solution's Website Design & Online Marketing Blog
OpenSSL, OAuth, OpenID, Oh My...
Do not log in to your favorite site via pop-up!!!
Another major security vulnerability has been discovered. It allows attackers to use malicious redirects that appear to be part of a legitimate site and show up as a pop-up asking for your login credentials. Many sites using the popular login tools OAuth and OpenID are facing enormous cost and complexity in preventing these malicious redirects.
Some of the sites affected are:
Yahoo
Microsoft
PayPal
VK
GitHub
Taobao
Mail.ru
As with the Heartbleed bug, the full extent of the damage that can be, or already has been, done will take months if not years to be revealed. Many of the providers simply do not have the motivation to implement the steps necessary to fix this problem.
USERS beware: check the URL of any window asking for login credentials. Make sure you are logging in to the real page and not a fake pop-up. Beware of URLs that include the name of the site you are visiting but are not properly formatted, such as Facebook.com.co.
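The URL check described above can be automated. The following is an added example, not part of the original post: the function name classifyLoginUrl is hypothetical, and every sample URL except the Facebook.com.co host is constructed for illustration.

```javascript
// Added example: compare the host of a login URL with the site the user expects.
// Returns one of: "match", "lookalike", "unrelated", "insecure", "invalid".
function classifyLoginUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // rejects strings that are not absolute URLs
  } catch (e) {
    return "invalid";
  }
  // Credentials should only ever be entered on an HTTPS page.
  if (url.protocol !== "https:") return "insecure";

  // URL lowercases the host for us; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  // Legitimate: the exact domain, or a subdomain ending in ".<expected>".
  // The leading dot matters: "notfacebook.com" ends with "facebook.com"
  // but is a different domain.
  if (host === expected || host.endsWith("." + expected)) return "match";

  // Lookalike: the site's name appears in the host, but the host is not
  // the expected domain or one of its subdomains (e.g. facebook.com.co).
  const brand = expected.split(".")[0];
  if (host.includes(brand)) return "lookalike";

  return "unrelated";
}

// Constructed sample URLs, checked against the site the user meant to visit.
const samples = [
  "https://www.facebook.com/login.php",
  "https://Facebook.com.co/login",
  "https://facebook.com.account-check.example/login",
  "https://notfacebook.com/",
  "http://www.facebook.com/login.php",
  "https://example.org/",
];
for (const s of samples) {
  console.log(classifyLoginUrl(s, "facebook.com").padEnd(10), s);
}
```

Only the first sample is reported as a match; the rest either contain the site name inside a different domain, use plain HTTP, or have nothing to do with the expected site.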
If you are concerned with the security of your data or simply need IT help,
give us a call for a free consultation. 719.749.1112
Technology Consulting, Security First.
Not just a motto but a principle put into practice in each of our solutions.