[OpenID] Fwd: OpenID Spoofing

Paul Madsen paulmadsen at rogers.com
Fri Jan 12 21:20:15 UTC 2007 

its not just cookies, there is some Flash LSO magic in there as well.

I created a seal in Firefox and saw it in IE.

paul

John stanley wrote:
> Has anyone looked into Yahoo's "sign-in seal"?  Basically it's a piece 
> of custom text or image that you can upload and it will show up on the 
> login page every time you try to login.  If you don't see your "seal" 
> when logging in, you might be getting phished (or someone might have 
> cleared the cookies from your browser).  It's similar in concept to 
> the Ph-Off extension, but it works through cookies.  I'm not familiar 
> with the inner workings of it, but it sounds like a good idea for IdPs 
> to implement.
>
> */Dmitry Shechtman <damnian at gmail.com>/* wrote:
>
>     Now that we've established that by "OpenID spoofing" nobody meant
>     anything
>     more than plain phishing, I think I found a solution:
>
>     http://blog.phpbb.cc/2007/01/12/external-authentication-and-otp/
>
>     Any comments are welcome (first-timer moderation).
>
>
>     Regards,
>     Dmitry
>     =damnian
>
>     _______________________________________________
>     general mailing list
>     general at openid.net
>     http://openid.net/mailman/listinfo/general
>
>
> ------------------------------------------------------------------------
> Expecting? Get great news right away with email Auto-Check. 
> <http://us.rd.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html>
> Try the Yahoo! Mail Beta. 
> <http://us.rd.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html> 
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>   
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.432 / Virus Database: 268.16.9/623 - Release Date: 1/11/2007 3:33 PM
>   

-- 
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-302-1428
                        aim:PaulMdsn5
                        web:connectid.blogspot.com

More information about the general mailing list