Dark Lords of the Internet
In last week’s Covert Redirects and Perverse Incentives I described an open redirect vulnerability in the OAuth protocol which social login providers may not fix because it would require locking out third parties with slack security practices but lucrative business… Continue reading