Skype And Dropbox Fix Redirect Security Hole That Could’ve Hacked Your Facebook
Image Credits: elhombredenegro / Flickr under a CC BY 2.0 license.
Nir Goldshlager just saved your identity. One of the world’s top white hat security researchers, Goldshlager this week helped Skype and Dropbox fix a critical security flaw that could have let hackers take control of their users’ Facebook accounts. Tomorrow Goldshlager will detail how he found the exploit, but he gave TechCrunch the early heads up. Here’s how hackers exploit the hole.
First the good news. Since it was reported responsibly, it appears that no one fell victim to this flaw, known as an “open redirect vulnerability.” The issue essentially occurs when a website doesn’t validate the URL to which it sends a user along with their access tokens. Normally sites verify that the URLs they send you to are either owned by them or by one of their trusted partners. But if they don’t, a hacker who knows someone’s user ID and that they’ve granted permissions to a vulnerable site could visit www.MySiteIsVulnerable.com?UserID=55555&redirect=www.MaliciousSite.com and steal that person’s access tokens, allowing them to take actions as if they were the hacked user. Naughty identity thieves.
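The fix the article describes is the validation step: before bouncing a user (and any token riding along in the URL) to a redirect target, the site checks that the target belongs to it or to a trusted partner. The following is an added illustration, not code from Skype, Dropbox, Facebook or the researcher, of what that check should look like, and of why a quick string-prefix check is not enough. The hostnames in the allowlist and the sample URLs are constructed for the example.

```python
"""Allowlist validation of a redirect target (added example, not from the article)."""
from urllib.parse import urlsplit

# Constructed allowlist: the site's own host plus one trusted partner host.
ALLOWED_HOSTS = {"app.example.com", "partner.example.net"}


def naive_is_safe(url: str) -> bool:
    """A prefix check that looks reasonable but only matches characters,
    not the actual host the browser will connect to."""
    return url.startswith("https://app.example.com")


def is_safe_redirect(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-site relative path or an https URL whose parsed
    hostname is exactly one of the allowlisted hosts."""
    if not url or "\r" in url or "\n" in url:
        return False  # empty or header-injection style input
    # Browsers treat backslashes like forward slashes, so normalise first;
    # otherwise "/\\evil.example" would parse as a harmless relative path.
    url = url.replace("\\", "/")
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        # Relative path on the current site: a single leading "/" only.
        # "//host" is protocol-relative and would leave the site.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme.lower() != "https":
        return False  # http, javascript:, data: and friends are all rejected
    host = parts.hostname  # lowercased, with userinfo and port removed
    if host is None or parts.username is not None or parts.password is not None:
        return False  # "trusted@evil" style userinfo tricks are rejected outright
    return host in allowed_hosts


if __name__ == "__main__":
    samples = [
        "/account",
        "https://app.example.com/cb?code=x",
        "https://partner.example.net:443/cb",
        "https://app.example.com.evil.example/",   # lookalike host
        "https://app.example.com@evil.example/",   # userinfo trick
        "//evil.example/",                          # protocol-relative
        "/\\evil.example/",                         # backslash variant
        "http://app.example.com/",                  # wrong scheme
    ]
    for s in samples:
        print(f"{s!r:45} naive={naive_is_safe(s)!s:5} strict={is_safe_redirect(s)}")
```

The point of the two functions side by side is that the naive check accepts the lookalike-host and userinfo cases, while the strict check compares the parsed hostname against the allowlist and so rejects them. Validating the parsed host, rather than the raw string, is the check a site in the article's position would need.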
Goldshlager discovered this flaw, but rather than exploit it himself or publish it for other hackers to use, he responsibly reported it to Skype, Dropbox and Facebook, who’ve all confirmed it’s now fixed. In Skype’s case, the issue was actually with one of its partners that builds software for the app, which they fixed together. Though the bug wasn’t Facebook’s fault, the company tells me:
We applaud the security researcher who brought this issue to the attention of the affected organizations and for responsibly reporting the bug to our White Hat Program. These bugs were triggered from open redirect vulnerabilities in domains that were authorized for OAuth. While not a Facebook bug, we have and will continue to work with our OAuth partners to prevent this exploit. Due to the responsible reporting of this issue to Facebook and the affected companies, we have no evidence that users were impacted by this issue.
The whole situation is nothing new for the Israeli security researcher. Goldshlager has been at the top of Facebook’s White Hat ‘Thank You’ list for the last two years because he’s reported more bugs than anyone else. He also just started a White Hat security company called Breaksec that helps clients find bugs before crooks do.
Oh, and the guy keeping you safe on the web also has an awesome name. So this drink of spicy cinnamon Schnapps is on us, Mr. Goldshlager. Keep hacking for good.