[OpenID] [marketing] Fwd: OpenID Spoofing
Claus Färber
GMANE at faerber.muc.de
Sun Jan 14 12:40:17 UTC 2007
Chris Messina wrote:
> This is also not unique to OpenID. It's a problem with any remote
> login system -- even local logins (see MySpace).
For local logins, you have to follow a special link that brings you to
the faked login page.
In OpenID, this redirection is built into the protocol. Even worse,
OpenID is advertised as a system to use on as many sites as possible,
not as a system to log in to few sites the user trusts.
With cross-site scripting, IDN homographs, etc. there are methods that
may make detecting a phishing attack nearly impossible.
Claus