[OpenID] Fwd: OpenID Spoofing
damnian at gmail.com
Thu Jan 11 23:08:00 UTC 2007
I thought that was phishing. Isn't spoofing all about IDs (rather than
From: ydnar [mailto:ydnar at shaderlab.com]
Sent: Friday, January 12, 2007 01:01
To: Dmitry Shechtman
Cc: 'Dick Hardt'; 'openid-general'
Subject: Re: [OpenID] Fwd: OpenID Spoofing
You could visit a malicious site that spoofs your IDP, trolling for
1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.
The spoof site now has your LJ credentials.
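
The steps above succeed because nothing ties the login page the user sees to the provider they actually use. As an added example (not part of the original thread), this JavaScript sketches the origin check a browser-side helper could run before any credentials are typed; the pinned provider origin, the function name `checkLoginPage` and every sample URL are assumptions constructed for illustration.

```javascript
// Added example: verify that a login page reached through an OpenID redirect
// is served by the identity provider the user pinned in advance.
// Assumption: the user's provider origin is known before login starts.
const PINNED_IDP_ORIGIN = "https://www.livejournal.com";

function checkLoginPage(redirectUrl, pinnedOrigin = PINNED_IDP_ORIGIN) {
  let url;
  try {
    url = new URL(redirectUrl);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  // A plain-HTTP login page cannot be authenticated at all.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://provider@other-host/" shows the provider name but goes elsewhere.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo in URL" };
  }
  // Compare the full origin (scheme + host + port), never a substring or a
  // prefix of the host, so "provider.com.other.example" does not pass.
  if (url.origin !== new URL(pinnedOrigin).origin) {
    return { ok: false, reason: "origin is not the pinned provider" };
  }
  return { ok: true, reason: "origin matches pinned provider" };
}

// Constructed sample redirect targets a relying party might send the user to.
const samples = [
  "https://www.livejournal.com/login.bml",
  "https://WWW.LiveJournal.com:443/login.bml",
  "https://www.livejournal.com.login.example/login.bml",
  "https://www.livejournal.com@login.example/login.bml",
  "http://www.livejournal.com/login.bml",
];

for (const s of samples) {
  const verdict = checkLoginPage(s);
  console.log(`${verdict.ok ? "ALLOW" : "BLOCK"}  ${s}  (${verdict.reason})`);
}
```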