[OpenID] Security related Use Cases?
Praveen Alavilli
AlavilliPraveen at aol.com
Wed Oct 22 15:33:35 UTC 2008
But why would a hacker open the real Yahoo sign-in page in an iframe
(security enabled or not) - there is nothing to gain from it (whether it
shows the sign-in seal or not). Instead, they are better off showing their
own phishing page to steal the credentials.
- Praveen
Breno de Medeiros wrote:
> On Tue, Oct 21, 2008 at 6:03 PM, Allen Tom <atom at yahoo-inc.com> wrote:
>
>> Hi Breno,
>>
>> Do you have a demo of this?
>>
>
> I could put one together, the directions are here:
>
> http://msdn.microsoft.com/en-us/library/ms534622(VS.85).aspx
>
>
>> Thanks
>> Allen
>>
>>
>> Breno de Medeiros wrote:
>>
>>> IE allows you to create an iframe and disable JS inside the iframe.
>>> 70-85% of users will be vulnerable to this attack.
>>>
>>>
>>>
>>
>
>
>
>