Discovery of an OpenID session at an OP

SitG Admin sysadmin at shadowsinthegarden.com
Wed Dec 16 01:16:32 UTC 2009


>Note that all of these except the last are about how to use this for 
>useful purposes or just playing around;

Note? I put them in that order deliberately! The questions on this 
thread were about how widespread this exploit is "in the wild", and, 
as you can see, there are plenty of reasons for *good-intentioned* 
developers to practice it.

>the last one is a theoretical note that says "this may be useful for 
>phishing" but doesn't give a specific attack

You can find working implementations in the first set of links. That 
they double as attack vectors, despite being utilized for a 
benevolent purpose, wasn't something I saw any need to explain.

-Shade


More information about the specs mailing list