FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities

Domain: fc2.com “FC2 (founded July 20, 1999) is a popular Japanese blogging host, the third most popular video hosting service in Japan (after YouTube and…

76.3% WEATHER CHANNEL WEBSITE LINKS VULNERABLE TO REFLECTED CROSS-SITE SCRIPTING (XSS)

The popular Weather Channel website (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to security researcher Wang Jing’s research. The vulnerability arises because Weather.com does not filter malicious script code when constructing HTML…

All Links to New York Times Articles Prior to 2013 Vulnerable to XSS Attacks

URLs to articles in New York Times (NYT) published before 2013 have been found to be vulnerable to an XSS (cross-site scripting) attack capable of delivering code to be executed in the context of the web browser. Based on…

Articles of New York Times Before 2013 May Be Vulnerable to XSS Attacks

New York Times articles’ pages dated before 2013 may suffer from an XSS (Cross-site Scripting) vulnerability, according to the report posted by security researcher Wang Jing. Wang is a mathematics Ph.D. student from the School of Physical and Mathematical Sciences,…

The Problems Continue: OAuth and OpenID Are Also Vulnerable

A new security flaw threatens the Internet. This one is called Covert Redirect and was discovered by a Chinese student in Singapore. It is in companies’ hands to fix this problem. Still resounding are the…

Security Flaw Affects Facebook, Google and Microsoft Logins

A PhD student from Singapore, Wang Jing, identified the flaw, called “Covert Redirect”, which can use the real domains of sites to validate fake login pages, deceiving internet users. Cybercriminals can create malicious links to…

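After Heartbleed, Serious Security Flaws in ‘OpenID’ and ‘OAuth’ Too

Following the ‘Heartbleed’ bug, a serious flaw has also been found in ‘OpenID’ and ‘OAuth’, open-source software for subscriber authentication and security, media outlets including CNET and VentureBeat reported. Dr. ‘Wang Jing’, who is enrolled at Nanyang Technological University in Singapore, the login used by numerous websites and by Google, Facebook, LinkedIn, MS, PayPal and others…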

Internet Users Threatened by New Security Flaw, Covert Redirect

A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed “Covert Redirect” by its discoverer, exists in two open-source…

Vulnerabilities in “Log in with Facebook”-Style Buttons

Just a few weeks after the discovery of the Heartbleed bug, average users like you and me could be worried about another very widespread problem that will not be easy to fix. It is the recently revealed “Covert Redirect” bug…

Mathematics Student Finds Vulnerability in OpenID and OAuth 2.0

OAuth and OpenID are very popular protocols that are used together for authorization and authentication. The OAuth application generates tokens for clients, while OpenID provides the ability of decentralized authentication on third-party sites, disclosing users’ personal data. Student Wang Jing from the faculty…