May 022014
 

Headlines are flying around this morning that a “serious security flaw” (now dubbed “Covert Redirect”) has been discovered in OAuth and OpenID, which could be exploited by malicious sites to capture user’s personal data. Furthermore, the “reporting” includes comments from major auth providers (Google, Microsoft, Facebook) to the effect of “we can’t fix this”. Synopsis: […]