A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix their …
I am weary of supposedly-literate people writing weary when they meant wary.
I am wary of them, myself.
Do Facebook still pass user access tokens on the URL when authenticating external sites such as twitter? It used to lead to a lot of spamming aps which relied on misusing the access tokens to spam crap all over Facebook with total impunity
Breaking news from 2006
Seriously, an open-redirect vulnerability? Gosh. OWASP's had a wiki page for "open redirect" since 2006, and it's (part of) number 10 in their 2013 Top Ten list.
I expect the keen-eyed researchers behind this revelation to announce they've discovered cross-site scripting next.
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Chromecast video on UK, Euro TVs hertz so badly it makes us judder – but Google 'won't fix'