Hacker News
by xxgreg 2936 days ago
This blog post doesn't actually respond to the main security concern raised.

"malicious-service-a.com" spoofing "service-a.com" is different than "eu.auth0.com" spoofing "au.auth0.com".

In the second case both domains are valid auth0 domains. This makes it harder for a user to detect the phishing. This seems like a legitimate concern.