A recently reported new "vulnerability" in OAuth appears to be anything but. That unkind assessment has come from security specialists after a flaw called "Covert Redirect" made headlines that conflated the flaw with the Heartbleed vulnerability, a major security risk that legitimately sent administrators scrambling to fix their …
I am weary of supposedly-literate people writing weary when they meant wary.
I am wary of them, myself.
Do Facebook still pass user access tokens on the URL when authenticating external sites such as Twitter? It used to lead to a lot of spamming apps which relied on misusing the access tokens to spam crap all over Facebook with total impunity.
Breaking news from 2006
Seriously, an open-redirect vulnerability? Gosh. OWASP's had a wiki page for "open redirect" since 2006, and it's (part of) number 10 in their 2013 Top Ten list.
I expect the keen-eyed researchers behind this revelation to announce they've discovered cross-site scripting next.