Dark Lords of the Internet
In last week’s Covert Redirects and Perverse Incentives I described an open redirect vulnerability in the OAuth protocol which social login providers may not fix because it would require locking out third parties with slack security practices but lucrative business…
Covert OAuth Redirects and Perverse Incentives
Covert redirect is a structural vulnerability in OAuth-based protocols. It was widely publicized in early May. Identity and security experts had long known about it, but don’t have an easy fix. Once the media learned covert redirect isn’t as serious…