A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix their …
I am weary of supposedly-literate people writing weary when they meant wary.
I am wary of them, myself.
Do Facebook still pass user access tokens on the URL when authenticating external sites such as twitter? It used to lead to a lot of spamming aps which relied on misusing the access tokens to spam crap all over Facebook with total impunity
Breaking news from 2006
Seriously, an open-redirect vulnerability? Gosh. OWASP's had a wiki page for "open redirect" since 2006, and it's (part of) number 10 in their 2013 Top Ten list.
I expect the keen-eyed researchers behind this revelation to announce they've discovered cross-site scripting next.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan