Mac Developer: Here comes a new, Web-wide security threat -- this time for OAuth & OpenID
Here comes a new, Web-wide security threat -- this time for OAuth & OpenID | VentureBeat | Security | by Barry Levine - When the flaw he calls Covert Redirect is exploited, you might click on a phishing link. It shows a popup window from a trusted site, and asks you to authorize a new app using, say, your Facebook login. But it then grabs your personal info – such as email address, birth date, or contacts — and sends it to the attacker.
Personally, I am amazed by the data that JavaScript is able to grab from within a browser session. Keep that sandbox tightened!
Labels: oauth, openid, security