Irreparable OAuth and OpenID Login Vulnerability Affecting Google, Microsoft and Facebook


Heartbleed has put network security in check: few sites were safe from the vulnerability tracked as CVE-2014-0160, and although it seems to have been eradicated, rivers of ink are still being spilled over it. It may not be the only problem, though: a fairly serious vulnerability has been discovered in OAuth and OpenID, services on which authentication at sites like Google, Facebook and Microsoft depends. These are hardly small players, and the data of millions of people and user accounts is at stake because of this security flaw.

To be exact, the security flaw is that a malicious website can exploit this vulnerability to use a real site in such a way as to authorize false requests for personal information. Worst of all, when we are asked for permission to do so, the screen we see comes from the genuine website, which makes it much harder to know that we are in the middle of an attack. It was discovered by Wang Jing, a developer in Singapore, although many other analysts claim that this vulnerability is not new and that it is a problem of the Internet as a whole.

A security flaw that is not going to be fixed for now

Before going public, Jing himself tried to notify all of these sites so that the problem could be solved as soon as possible, but in general the answer has been "it is not our responsibility." Google is following the problem closely, Facebook claims to be aware of it but says it is not something that can be solved in the short term, and Microsoft is unable to solve a problem that lies with a third party. At the moment the only thing we can do as users is to try to verify all the links that we follow and that ask us to log in to any of these services, but it seems that this problem has much more in store for us.

Source | Engadget
