OpenID homesite authorization spoofed
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Oct 23 04:56:17 UTC 2006
David Nicol wrote:
> >From reading this thread I understand that by using dns spoofing it
> is possible -- If I can write to your /etc/hosts file it is possible
Since you can write to your own hosts file, and this is all what it
takes for spoofing, I suggest, that the issue is a little bit more than
serious ;-)
> That certainly isn't anything to catastrophize about in my opinion.
>
All the other details were forwarded to the relevant persons...
Cheers!
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/bc9e493d/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/bc9e493d/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/bc9e493d/attachment-0002.bin>
More information about the general
mailing list