Linux Today: Linux News On Internet Time.

Looking for the Next Heartbleed in all the Wrong Places

May 06, 2014, 02:00
(Other stories by Sean Michael Kerner)

With the 'Covert Redirect' flaw, the basic premise of the attack is to take advantage of a previously known misconfiguration issue in OAuth and OpenID. One of the most succinct comments about why Covert Redirect is not the same as Heartbleed was published by security vendor Symantec in a blog post on May 3.

"The Heartbleed vulnerability could be exploited just by issuing requests to unpatched servers," Symantec stated. "Covert Redirect, however, requires an attacker to find a susceptible application as well as acquire interaction and permissions from users."
