Looking for the Next Heartbleed in all the Wrong PlacesMay 06, 2014, 02:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)
With the 'Covert Redirect' flaw the basic premise of the attack is to take advantage of a previously-known mis-configuration issue in OAuth and OpenID. One of the most succinct comments about why Covert Redirect is not the same Heartbleed was published by security vendor Symantec in a blog post on May 3.
0 Talkback[s] (click to add your comment)