Covert Redirect Vulnerability

Covert Redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation. This is often the of result of a website’s overconfidence in its partners. In another word, the Covert Redirect vulnerability exists because there is not sufficient validation of the redirected URLs that belong to the domain of the partners.

Covert Redirect Vulnerability  Covert Redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation. This is often the of result of a website’s overconfidence in its partners. In another word, the Covert Redirect vulnerability exists because there is not sufficient validation of the redirected URLs that …

Continue reading Covert Redirect Vulnerability

Covert Redirect: http://tetraph.com/covert_redirect/ A serious Covert Redirect ( http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html ) vulnerability related to OAuth 2.0 and OpenID was found.   Almost all major OAuth 2.0 and OpenID providers are affected, such as Facebook, Google, Yahoo, LinkedIn, Microsoft, PayPal, GitHub, QQ, Taobao, Weibo, VK, Mail.Ru, Sohu. 163, Alipay, Alibaba, Sina etc. I will introduce them one by …

Continue reading Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID

 SINGAPORE: Call them cybersecurity vigilantes if you will, or “white hats” – as they are known in the hacking world. Mr Wang Jing and Mr Zhao Hainan are part of a growing group of individuals who are taking it upon themselves to test the security of information systems in organisations and report security flaws.   Earlier …

Continue reading WHITE HAT HACKERS TESTING SECURITY OF COMPUTER SYSTEMS IN SINGAPORE