Facebook, Google users threatened by new security flaw

A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed “Covert Redirect” by its discoverer, exists in two open-source session-authorization protocols, OAuth 2.0 and OpenID.

Both standards are employed across the Internet to let users log into websites using their credentials from other sites, such as by logging into a Web forum using a Facebook or Twitter username and password instead of creating a new account just for that forum.

Attackers could exploit the flaw to disguise and launch phishing attempts from legitimate websites, said the flaw’s finder, Ph.D. student Wang Jing of the Nanyang Technological University in Singapore.