[OpenID] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Fri Jan 12 22:27:39 UTC 2007

Paul Madsen wrote:
> The phisher doesn't need the seal, it lets the valid IDP send the code
> to the user with the seal. The MITM would only need the seal if it were
> to try to send the email itself,

You got me. Nice catch, Paul!

I guess I'll have to think harder.


More information about the general mailing list