McAfee redirector
6/4/2023

When Heartbleed struck in April, it shook the Internet to its core in an almost literal sense: the vulnerability, which could allow hackers to trick servers into surrendering sensitive data, took advantage of how communications are made online. Now, there’s a new vulnerability in town claiming to be the next core-shaking Internet threat.

The vulnerability in question has been dubbed “Covert Redirect,” due to its stealthy tactics. Discovered by Wang Jing, a mathematics PhD student in Singapore, Covert Redirect enables hackers to trick users into surrendering personal information by posing as an authorization window (a popup window which asks for authorization to connect to a third party website or application). If the faux-authorization is successful, the hacker can redirect the user to a website loaded with malicious software. If successfully executed, it can be a damaging attack that steals your login credentials and potentially installs malware on your device.

But that’s the difference between this vulnerability and the infamous Heartbleed: it depends on a lot of “ifs.” The entire success of the attack depends on certain criteria being met, the most notable of which is finding a vulnerable application for the hacker to take advantage of. Heartbleed didn’t depend on meeting specific criteria in order to wreak havoc. It was a simple vulnerability that could be exploited by a single line of code.

So if Covert Redirect isn’t as bad as Heartbleed, should you worry?

In terms of severity, Covert Redirect ranks fairly low. That doesn’t mean you shouldn’t be concerned about it, but that you should be wary when someone runs around claiming they’ve found the Web’s next biggest exploit.

Covert Redirect takes advantage of two popular standards used to verify a person’s identity across different websites. Those standards are called OAuth 2.0 and OpenID. Essentially, they take your credentials from one website (say, Facebook) and apply them to a different website (say, The New York Times) so you can log in with an existing ID and password, rather than creating a new account. However, as long as both the service (i.e. the New York Times) have proper security standards in place, Covert Redirect cannot be executed.

This vulnerability requires hackers to track down a vulnerable application or service in order to work. It also requires hackers to conduct a phishing campaign (a large-scale operation that tries to trick users into clicking on links) in order to commence. Furthermore, the information sought by hackers in Covert Redirect may be of little value: since OpenID and OAuth 2.0 are targeted towards social interactions, the websites and applications requiring verification tend to be social in nature. Few, if any, require banking information in order to open an account. Thus, while hackers may obtain (keyword here being may) your social media login credentials, your bank account should be safe.

So if that’s the case, then why is Covert Redirect attracting so much attention?

Overall, Covert Redirect requires too much work and effort on a hacker’s behalf to get info that’s of little value. It turns out that Covert Redirect has been known about for some time. Jing has done is dress it up in a nice logo and website a la Heartbleed. Jing’s intentions in re-announcing a known flaw, but the cynic in me suggests that we’re going to see a lot more flashy “new” vulnerabilities discovered by upstart security firms and researchers aiming to attract attention to themselves and their research. If my hunch is correct, then many people may suffer from vulnerability-fatigue, where news of a new disaster is routine and ignored. And when a real disaster, like Heartbleed, does strike, few will pay attention.

So what can you do to protect yourself when you suffer from vulnerability-fatigue? Here are a few tips:

Install comprehensive security. A comprehensive security system can protect you from phishing attacks and malicious websites by notifying you which websites are safe. In the event of a redirect attack like the one discussed here, McAfee LiveSafe™ service can help by warning you of dangerous websites and monitoring your public information stored online.

Connect your accounts sparingly. If you still prefer to link websites (or social media accounts) together for easier logins, then do so sparingly. Link your accounts over OAuth 2.0 or OpenID only on websites you trust, and know what information is being shared.

Do not put anything on your social media accounts (like Facebook or Google+) that you wouldn’t want anyone else to know. Using Covert Redirect, hackers can work to gain access to your social media account credentials.

Create a variety of passwords for your accounts. To ensure that more valuable data isn’t obtained, be sure to use different passwords for your social, email, and bank accounts.