[OpenID] Fwd: OpenID Spoofing

John Stanley jlstanley9 at yahoo.com
Fri Jan 12 21:16:30 UTC 2007


Has anyone looked into Yahoo's "sign-in seal"? Basically it's a piece of custom text or image that you can upload and it will show up on the login page every time you try to log in. If you don't see your "seal" when logging in, you might be getting phished (or someone might have cleared the cookies from your browser). It's similar in concept to the Ph-Off extension, but it works through cookies. I'm not familiar with the inner workings of it, but it sounds like a good idea for IdPs to implement.

Dmitry Shechtman <damnian at gmail.com> wrote:

Now that we've established that by "OpenID spoofing" nobody meant anything
more than plain phishing, I think I found a solution:

http://blog.phpbb.cc/2007/01/12/external-authentication-and-otp/

Any comments are welcome (first-timer moderation).


Regards,
Dmitry
=damnian

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
