diff --git a/FLOWS.md b/FLOWS.md
index 446b8f1..a3226e9 100644
--- a/FLOWS.md
+++ b/FLOWS.md
@@ -411,7 +411,7 @@ OAuth2 three-legged cuts out a lot of clutter just like the two-legged, no longe
     - `client_id`
     - `redirect_uri`
     - `response_type` [[20, 4.1.1]](http://tools.ietf.org/html/rfc6749#section-4.1.1)
-    - `state` *Optional;* Unique identifier to protect against CSRF [[25]](http://blog.springsource.org/2011/11/30/10317/)
+    - `state` *Optional;* Unique identifier to protect against CSRF [[25]](http://spring.io/blog/2011/11/30/cross-site-request-forgery-and-oauth2)
     - `scope` *Optional;* what data your application can access.
     
     Example Authorization URL (Not-Encoded for Readability):
@@ -503,6 +503,6 @@ Here is a long, windy list of places where I tracked down specific information r
 22. [OAuth2 Quickstart](http://www.salesforce.com/us/developer/docs/api_rest/Content/quickstart_oauth.htm) - Salesforce
 23. [Authentication Mechanisms](https://developers.geoloqi.com/api/authentication) - Geoloqi
 24. [Understanding Web Server OAuth Flow](http://www.salesforce.com/us/developer/docs/api_rest/Content/intro_understanding_web_server_oauth_flow.htm) - Salesforce
-25. [CSRF & OAuth2](http://blog.springsource.org/2011/11/30/10317/) - Springsource
+25. [CSRF & OAuth2](http://spring.io/blog/2011/11/30/cross-site-request-forgery-and-oauth2) - Springsource
 26. [OAuth v2-31](https://tools.ietf.org/html/draft-ietf-oauth-v2-31) - IETF
 27. [Resource Owner Flow](http://labs.hybris.com/2012/06/11/oauth2-resource-owner-password-flow/) - Hybris