andrisatteka.blogspot.com

Andris Atteka's Blog

Wednesday, April 15, 2015. Google, Microsoft and token leaks. Some stir was recently caused by the OAuth open redirector, and even an RFC security addendum was created for it. While this was known for quite some time already, it's still good to remind the general public. So here's another known issue - an open redirector in OpenID. It works like this - whenever "checkid_immediate" mode is used, it redirects without any questions asked. And here's an example in accounts.google.com: openid.claimed_id=http...

http://andrisatteka.blogspot.com/

INTERNAL PAGES

1

Andris Atteka's Blog: Scanning for Google's Active Directory computer names

http://www.andrisatteka.blogspot.com/2013/11/scanning-for-googles-active-directory.html

Saturday, November 30, 2013. Scanning for Google's Active Directory computer names. If you remember ad.corp.google.com from the previous post, maybe you are wondering whether it stands for "Active Directory"? Looks like it does. So here's another list - apparently composed of Active Directory computer names. The list was obtained by sending e-mails to e.g. test@jfarrell1-w.ad.corp.google.com. bbudge1-w.ad.corp.google.com. rubin1-w.ad.corp.google.com. jfarrell1-w.ad.corp.google.com. ...

2

Andris Atteka's Blog: Creepy visitor tracking using Linkedin

http://www.andrisatteka.blogspot.com/2014/10/creepy-visitor-tracking-using-linkedin.html

Sunday, October 12, 2014. Creepy visitor tracking using Linkedin. A few days ago I performed an experiment and added the following code to my blog: img src="https://www.linkedin.com/profile/view? The link in the code snippet points to my Linkedin profile, and those familiar with web security will recognize the CSRF here (and the token apparently isn't validated correctly). So how did the experiment unfold?

3

Andris Atteka's Blog: How Microsoft is giving your data to Facebook… and everyone else

http://www.andrisatteka.blogspot.com/2014/09/how-microsoft-is-giving-your-data-to.html

Tuesday, September 16, 2014. How Microsoft is giving your data to Facebook… and everyone else. A lot has been written about the dangers of mistakes in OAuth implementations. Here’s another story. Microsoft uses a specialized OAuth scope which is available only to Facebook’s app. An interesting part is that users are never notified that the app is trying to access their data, and permission is granted silently. You can try this here (you’ll have to log in): So let’s continue… If you try to modify “. Users Th...

4

Andris Atteka's Blog: Scanning for Google's internal corporate subdomains

http://www.andrisatteka.blogspot.com/2013/11/scanning-for-googles-internal-corporate.html

Friday, November 22, 2013. Scanning for Google's internal corporate subdomains. For some reason Gmail appears to use an internal DNS server. This allows one to verify the existence and even resolve the IP addresses of Google's internal corporate domain names. For example, if you send an e-mail to test@root.corp.google.com you will receive an error response: So apparently there's a server located at root.corp.google.com and its IP address is. oracle.corp.google.com. microsoft.corp.google.com. ...

5

Andris Atteka's Blog: Microsoft's internal subdomains

http://www.andrisatteka.blogspot.com/2014/10/microsofts-internal-subdomains.html

Tuesday, October 7, 2014. The Outlook.com webmail service has a nice feature - it highlights potentially incorrect e-mail addresses in the "To" field. But what happens if we try to use some obscure subdomains? Well, it looks like the auto-correct feature works just as well for Microsoft's internal subdomains: As you can see, both citrix.corp.microsoft.com and aol.corp.microsoft.com are recognized as valid e-mail addresses, however blabla.corp.microsoft.com. google.corp.microsoft.com.

TOTAL PAGES IN THIS WEBSITE

12
