[OpenID] Fwd: OpenID Spoofing
Paul Madsen
paulmadsen at rogers.com
Fri Jan 12 21:20:15 UTC 2007
its not just cookies, there is some Flash LSO magic in there as well.
I created a seal in Firefox and saw it in IE.
paul
John stanley wrote:
> Has anyone looked into Yahoo's "sign-in seal"? Basically it's a piece
> of custom text or image that you can upload and it will show up on the
> login page every time you try to login. If you don't see your "seal"
> when logging in, you might be getting phished (or someone might have
> cleared the cookies from your browser). It's similar in concept to
> the Ph-Off extension, but it works through cookies. I'm not familiar
> with the inner workings of it, but it sounds like a good idea for IdPs
> to implement.
>
> */Dmitry Shechtman <damnian at gmail.com>/* wrote:
>
> Now that we've established that by "OpenID spoofing" nobody meant
> anything
> more than plain phishing, I think I found a solution:
>
> http://blog.phpbb.cc/2007/01/12/external-authentication-and-otp/
>
> Any comments are welcome (first-timer moderation).
>
>
> Regards,
> Dmitry
> =damnian
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
> ------------------------------------------------------------------------
> Expecting? Get great news right away with email Auto-Check.
> <http://us.rd.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html>
> Try the Yahoo! Mail Beta.
> <http://us.rd.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.432 / Virus Database: 268.16.9/623 - Release Date: 1/11/2007 3:33 PM
>
--
Paul Madsen e:paulmadsen @ ntt-at.com
NTT p:613-482-0432
m:613-302-1428
aim:PaulMdsn5
web:connectid.blogspot.com
More information about the general
mailing list