Do not login to your favorite site via pop-up!!!

Another major security vulnerability has been discovered that allows attackers to use malicious redirects that appear to be part of a legitimate site and appears as a pop-up asking for your login credentials.  Many sites using popular login tools, OAuth and OpenID are facing enormous cost and complexity in preventing these malicious redirects. 
Some of the sites affected are:

Facebook

Google

Yahoo

LinkedIn

Microsoft

PayPal

QQ

Weibo

VK

Github

Taobao

Mail.ru

As with the Heartbleed bug, the widespread damage that can or has been potentially done will take months if not years to be fully revealed.  Many of the providers simply do not have the motivation to implement the steps necessary to fix this problem.

USERS beware, check the URL of any windows asking for login credentials.  Make sure you are logging into the real page and not a fake pop-up.   Beware of URL’s that include the name of the site you are visiting but are not properly formatted.   Such as: Facebook.com.co, This email address is being protected from spambots. You need JavaScript enabled to view it., facebook.comlogin.net, etc.

If you are concerned with the security of your data or simply need IT help,
give us a call for a free consultation. 719.749.1112

Technology Consulting, Security First.

Not just a motto but a principle put into practice into each of our solutions.

Be sure to like us on facebook if you enjoyed this blog