" redirect Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘redirect’

OpenID and OAuth Vulnerabilities … LuxSci is not Vulnerable

Tuesday, May 6th, 2014

OpenIDLuxSci provides OpenID services for facilitate easy and/or secure access to its WebMail services.

On May 2, a security researcher issued a notice that OpenID and OAuth have vulnerabilities that might allow a malicious website to hijack a response from a social login. Initial investigations from the OpenID Foundation indicate that this is not a new discovery, and that mitigations are clearly outlined in the OAuth Threat Model document. However, it has received coverage in the popular tech press. The threat is that the callback URL or redirect URI is compromised, which could lead to a customer’s data being shared with a malicious website, as well as the user being directed to another website.

In short, LuxSci’s OpenID solution is not vulnerable to this issue and our users are safe to use OpenID with LuxSci.

None of the OpenID providers that we support are vulnerable to this issue (e.g. Google, facebook, twitter, etc.) Facebook and Twitter were both vulnerable several years ago, but Twitter changed their protocol and facebook deprecated their OAuth 1.x support which had the bug.   In the newer OpenID 2.0 specification, the language describing how things must work was cleared up to say that validation checks at issue must be performed (version 1.x only said that they were optional). Several other mentions of this issue have appeared in various publications and have confused it with general phishing attacks, which is a real, but different problem.

Easy Permanent Redirects for Web Sites

Tuesday, January 10th, 2006

LuxSci’s web hosting tools now permit you to easily create permanent redirects for you web site(s). You can permanently redirect all requests from http://www.yourdomain.com to http://yourdomain.com or from http://yourdomain.com to http://www.yourdomain.com or from your domain to any URL of your choice. This permits you to easily map one web site onto another or redirect from web site to another in a way that is search engine friendly.