Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Looking for the Next Heartbleed in all the Wrong Places

May 06, 2014, 02:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

With the 'Covert Redirect' flaw the basic premise of the attack is to take advantage of a previously-known mis-configuration issue in OAuth and OpenID. One of the most succinct comments about why Covert Redirect is not the same Heartbleed was published by security vendor Symantec in a blog post on May 3.

"The Heartbleed vulnerability could be exploited just by issuing requests to unpatched servers," Symantec stated. "Covert Redirect, however, requires an attacker to find a susceptible application as well as acquire interaction and permissions from users."

Complete Story

Related Stories: