[security] The dangers of CSS iframe overlays
gaz_sec at hushmail.com
gaz_sec at hushmail.com
Mon Oct 15 09:02:12 UTC 2007
Hi all
I've create a proof of concept which highlights the problem of
single sign on providers not providing iframe protection and
remembering the password.
The demo uses a Verisign account (It was the first provider I found
without iframe protection)
<http://www.thespanner.co.uk/2007/09/28/openid-security-css-
overlays/>
Cheers
Gareth
More information about the security
mailing list