Shouldn’t Facebook Provide Better Resistance to Cloned Accounts?
This is a real request, not just a gratuitous blog post. A friend of mine has been attacked on Facebook. Her account has been cloned. I’m way too busy consulting this week to drop everything and track…
Dark Lords of the Internet
In last week’s Covert Redirects and Perverse Incentives I described an open redirect vulnerability in the OAuth protocol which social login providers may not fix because it would require locking out third parties with slack security practices but lucrative business…