<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18939"></HEAD>
<BODY>
<DIV dir=ltr align=left><A
href="https://mozillalabs.com/conceptseries/identity/connect/"><FONT size=2
face=Arial>https://mozillalabs.com/conceptseries/identity/connect/</FONT></A><FONT
face=Arial><FONT color=#0000ff><FONT size=2> <SPAN
class=567333817-12092010>(Mozilla Chris
Messina)</SPAN></FONT></FONT></FONT></DIV>
<DIV dir=ltr align=left><FONT color=#0000ff size=2
face=Arial></FONT> </DIV>
<DIV dir=ltr align=left><A
href="http://ignisvulpis.blogspot.com/2010/02/openinfocard-openid-selector.html"><FONT
size=2
face=Arial>http://ignisvulpis.blogspot.com/2010/02/openinfocard-openid-selector.html</FONT></A><FONT
face=Arial><FONT color=#0000ff><FONT size=2> <SPAN
class=567333817-12092010>(me)</SPAN></FONT></FONT></FONT></DIV>
<DIV dir=ltr align=left><A href="http://self-issued.info/?p=235"><FONT size=2
face=Arial>http://self-issued.info/?p=235</FONT></A><FONT face=Arial><FONT
color=#0000ff><FONT size=2> <SPAN class=567333817-12092010>(Mike
Jones)</SPAN></FONT></FONT></FONT></DIV>
<DIV dir=ltr align=left><FONT color=#0000ff size=2
face=Arial></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Arial><SPAN
class=567333817-12092010>-Axel</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Arial></FONT> </DIV>
<DIV><BR></DIV>
<DIV dir=ltr lang=de class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> openid-general-bounces@lists.openid.net
[mailto:openid-general-bounces@lists.openid.net] <B>On Behalf Of </B>Alessandro
Preziosi<BR><B>Sent:</B> Sunday, September 12, 2010 6:50 PM<BR><B>To:</B>
openid-general@lists.openid.net<BR><B>Subject:</B> [OpenID] Phishing? Web
browser integration?<BR></FONT><BR></DIV>
<DIV></DIV>Hi everybody,<BR>
<DIV>A couple of days ago I used openID for the first time.
<DIV>It was on a low traffic website and when i clicked on the button it
redirected me to Google's login page, where I had to insert my google
password. </DIV>
<DIV>Before doing so, I double-checked the address because I'm aware of phishing
scams, but I'm afraid the vast majority of people would not do so. </DIV>
<DIV>I think we're kind of lucky that openID isn't widespread, otherwise many
people could see their email accounts stolen, and with them all the other
accounts (paypal etc.).</DIV>
<DIV>I think this is a MAJOR flow, and the only solution that i see would be to
try to integrate openID in the browser in some way, to make phishing
impossible.</DIV>
<DIV>Any ideas? Any comments?</DIV>
<DIV><BR></DIV>
<DIV>Have a nice day,</DIV>
<DIV><BR></DIV>
<DIV>Alessandro Preziosi</DIV>
<DIV><BR></DIV></DIV></BODY></HTML>