[OpenID] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Thu Jan 11 23:08:00 UTC 2007


I thought that was phishing. Isn't spoofing all about IDs (rather than
IdPs)?


Regards,
Dmitry
=damnian


-----Original Message-----
From: ydnar [mailto:ydnar at shaderlab.com] 
Sent: Friday, January 12, 2007 01:01
To: Dmitry Shechtman
Cc: 'Dick Hardt'; 'openid-general'
Subject: Re: [OpenID] Fwd: OpenID Spoofing

You could visit a malicious site that spoofs your IDP, trolling for  
login info:

1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a  
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.  
The spoof site now has your LJ credentials.

Randy



