Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
Ars Technica

ICANN to prohibit nonexistent-domain redirect for new TLDs

Earlier this week, the Internet Corporation for Assigned Names and Numbers (ICANN) published a draft of an “explanatory memorandum” for a proposed clause that prohibits the managers of new generic top ...
searchenginewatch

Revisiting Hijacking & Redirects: Moving To A Solution

Cast your mind back to May, when I wrote about the Google AdSense page getting “hijacked” by another site for searches on adsense and google adsense. Why hadn’t Google yet solved this problem, I asked ...