Open Redirect Vulnerability Identified in Meebo

Dec 11, 2012

An open-redirect vulnerability has been identified in the popular instant messaging platform Meebo.

Open-redirect vulnerabilities can be leveraged by cybercriminals to lure their victims to arbitrary domains. The user believes they are visiting a legitimate, reputable site, when in fact they are seamlessly redirected to a malicious one.

The security hole has been reported to Google, which bought Meebo back in June, but the search giant’s security team told the expert that “the security benefits of a well-implemented and carefully monitored URL redirector tend to outweigh the perceived risks.”

They’ve pointed him to the bug bounty page where they explain why such URL redirection vulnerabilities are not included in their reward program.

“Some members of the security community argue that open redirectors are a security issue,” reads the section on URL redirection.

“The common argument in favor of this view is that some users, when presented with a carefully crafted link, may be duped into thinking that they will be taken to a trusted page - but will not be attentive enough to examine the contents of the address bar after the redirection takes place.”

It continues, “On the other hand, we recognize that the address bar is the only reliable security indicator in modern browsers; and consequently, we think that any user who could be misled by a URL redirector can also be tricked in other ways, without relying on any particular trusted website to act as a relying party.”
