Discovery of an OpenID session at an OP
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Dec 16 01:16:32 UTC 2009
>Note that all of these except the last are about how to use this for
>useful purposes or just playing around;
Note? I put them in that order deliberately! The questions on this
thread were about how widespread this exploit is "in the wild", and,
as you can see, there are plenty of reasons for *good-intentioned*
developers to practice it.
>the last one is a theoretical note that says "this may be useful for
>phishing" but doesn't give a specific attack
You can find working implementations in the first set of links. That
they double as attack vectors, despite being utilized for a
benevolent purpose, wasn't something I saw any need to explain.
-Shade
More information about the specs
mailing list