[OpenID] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Thu Jan 11 23:08:00 UTC 2007

I thought that was phishing. Isn't spoofing all about IDs (rather than


-----Original Message-----
From: ydnar [mailto:ydnar at shaderlab.com] 
Sent: Friday, January 12, 2007 01:01
To: Dmitry Shechtman
Cc: 'Dick Hardt'; 'openid-general'
Subject: Re: [OpenID] Fwd: OpenID Spoofing

You could visit a malicious site that spoofs your IDP, trolling for  
login info:

1. Visit site Foo and attempt to log in using OpenID.
2. Site Foo notices you input a LiveJournal URL, and sends you to a  
spoofed LJ login page.
3. You enter your LJ credentials and are redirected back to site Foo.  
The spoof site now has your LJ credentials.


More information about the general mailing list