[security] Site checking

[Drummond Reed]

Gareth,

Thanks. We all appreciate your efforts; they set a good precedent for how
OpenID security fixes should work.

=Drummond 

-----Original Message-----
From: security-bounces at openid.net [mailto:security-bounces at openid.net] On
Behalf Of gaz_sec at hushmail.com
Sent: Saturday, March 24, 2007 2:44 AM
To: security at openid.net
Subject: [security] Site checking

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone

I have no problems at all in checking anyones server for this
Safari problem but because of the amount of emails I am receiving
please could you do the following in your emails:-

a) Provide me with a url to the register an OpenID account.
b) Provide a link to the identity page for the service.
c) If payment is required to register on your site, please provide
a demo username + password. Which when my tests are complete you
can delete.

I want to do my best to help the OpenID community and you can
expect me to provide more reports if any problems are found, if I
do find any I shall always follow the following procedure:-

1. I shall inform any site first.
2. I shall post the problem to this list but without disclosing
technical details.
3. Only when the site has fixed the problem and other OpenID
servers are not affected will I then post any technical details to
this list.

Cheers

Gareth
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYE8tAACgkQrR8fg3y/m1B3BgP/RyOAIbHiC+O/6y1PRyWf6ixtP/7G
jLjdMHAzi3a2n29XsX+oIB4NWKhfA7Msg0VO+WY3HVKKOH2r20PLazSScn7Zisda+qmF
ZN8ilJSkRBwaAUUg5xsvGM3eIWWZ/NECKChCahqR9OyzzlEZnaFZy4AfSqzwR2AMMZyO
C6zDUWM=
=VARg
-----END PGP SIGNATURE-----

--
Click to consolidate debt and lower month expenses
http://tagline.hushmail.com/fc/CAaCXv1QPxbs51VOlMsjPz4sStO08Ke5/


_______________________________________________
security mailing list
security at openid.net
http://openid.net/mailman/listinfo/security