Friday, 2 May 2014

OAuth and OpenID Are Not the New Heartbleed

Cybersecurity

Breathless reports of a new security flaw affecting OpenID and OAuth — the technology that powers the identity logins for services such as Facebook, Microsoft, Google and LinkedIn — hit the news Friday. Dubbed "Covert Redirect," the flaw could enable phishing sites to grab a user's login information.


The announcement of Covert Redirect is straight out of Heartbleed's marketing manual, coming with both a slick website and a fancy logo. Coupled with the widespread usage of OAuth and the growing awareness of potential security threats, Covert Redirect certainly sounds bad.


