An open-redirect vulnerability has been identified in the popular instant messaging platform Meebo.
Open-redirect vulnerabilities can be leveraged by cybercriminals to lure their victims to arbitrary domains. Users believe they are visiting a legitimate, reputable site when they are actually being seamlessly redirected to a malicious one.
The security hole has been reported to Google, which bought Meebo back in June, but the search giant’s security team told the expert that “the security benefits of a well-implemented and carefully monitored URL redirector tend to outweigh the perceived risks.”
They’ve pointed him to the bug bounty page where they explain why such URL redirection vulnerabilities are not included in their reward program.
“Some members of the security community argue that open redirectors are a security issue,” reads the section on URL redirection.
“The common argument in favor of this view is that some users, when presented with a carefully crafted link, may be duped into thinking that they will be taken to a trusted page - but will not be attentive enough to examine the contents of the address bar after the redirection takes place.”
It continues, “On the other hand, we recognize that the address bar is the only reliable security indicator in modern browsers; and consequently, we think that any user who could be misled by a URL redirector can also be tricked in other ways, without relying on any particular trusted website to act as a relying party.”
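For site owners who prefer not to expose an open redirector at all, the usual mitigation is to validate the destination before issuing the redirect. The following is an added illustration, not part of the original article and not Meebo's or Google's code; the function name, the allowlist and the example.com / evil.example hosts are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts this site may redirect to (constructed values).
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}


def safe_redirect_target(target, default="/"):
    """Return `target` if it is a same-site path or an allowlisted https URL,
    otherwise return `default`."""
    if not target:
        return default
    # Browsers treat "\" like "/" and ignore tabs/newlines inside URLs, so
    # reject backslashes, whitespace and control characters outright.
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted at a single "/".
        # "//host/..." and "///host" are resolved by browsers as another site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    # Absolute URL: https only, exact host match. Suffix or substring checks
    # would accept "www.example.com.evil.example" or "www.example.com@evil.example".
    if parts.scheme == "https" and host in ALLOWED_HOSTS:
        return target
    return default
```

Logging every rejected `target` alongside the referrer gives the monitoring half of a "carefully monitored" redirector.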