Looking for the Next Heartbleed in all the Wrong Places

May 06, 2014, 02:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

With the 'Covert Redirect' flaw the basic premise of the attack is to take advantage of a previously-known mis-configuration issue in OAuth and OpenID. One of the most succinct comments about why Covert Redirect is not the same Heartbleed was published by security vendor Symantec in a blog post on May 3.

"The Heartbleed vulnerability could be exploited just by issuing requests to unpatched servers," Symantec stated. "Covert Redirect, however, requires an attacker to find a susceptible application as well as acquire interaction and permissions from users."

Complete Story

Related Stories:

Heartbleed coder admits oversight but backs open source(Apr 11, 2014)
Heartbleed: for hundreds of thousands of servers at risk around the world from catastrophic bug(Apr 09, 2014)
Heartbleed and Heartache in FOSS Town(Apr 22, 2014)
Will Open-Source Money Prevent the Next Heartbleed?(Apr 15, 2014)
Heartbleed: Open source's worst hour(Apr 15, 2014)
Dear Ubuntu Users, Stop Saying the Ubuntu Is Unprotected Against the Heartbleed Exploit(Apr 16, 2014)

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Looking for the Next Heartbleed in all the Wrong Places

WEBINAR: On-demand Event