Next Post: Optaros Executive Events - “Unleashing the power of Web 2.0 and Open Source” »
Open Phishing
(via Rod Begbie)
Marco Slot has written up a “Beginner’s Guide to OpenID Phishing” to demonstrate how vulnerable the popular distributed identity system can be to impersonation / person-in-the-middle attacks.
The real problem, of course, is the reliance on username/password authentication at the provider, and the ease with which the provider’s own login form can be spoofed. Because a relying party performs discovery on whatever identifier you type, a phishing site learns which provider you use at the moment you submit it, and can serve a lookalike of that provider’s login page in real time, rather than a copy of one fixed provider.
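To make the dynamic-spoofing point concrete, here is an added example (not code from the original post or from Marco Slot’s write-up) that models the attack in a few lines of Python. It performs OpenID 1.x discovery on a constructed identity page, shows where an honest relying party would send the user versus where a phishing relying party sends them, and ends with the one check a user can make: the host asking for the password must be the provider’s host. All hostnames, the identity page HTML and the `phisher.example` host are constructed for the example.

```python
"""Model of the dynamic OpenID phishing attack (added example, constructed data)."""
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

# Constructed identity page, as a relying party would fetch it from the
# claimed identifier. The OpenID 1.x <link rel="openid.server"> tag tells the
# relying party (honest or not) which provider the user logs in with.
IDENTITY_PAGE = """<html><head>
<link rel="openid.server" href="https://openid.example-provider.net/server">
<link rel="openid.delegate" href="https://example-provider.net/alice">
</head><body>alice's identity page</body></html>"""


class _LinkTagParser(HTMLParser):
    """Collect rel -> href for every <link> tag in an identity page."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            attributes = dict(attrs)
            if "rel" in attributes and "href" in attributes:
                self.links[attributes["rel"]] = attributes["href"]


def discover(identity_html):
    """Return the provider endpoint advertised by an OpenID 1.x identity page."""
    parser = _LinkTagParser()
    parser.feed(identity_html)
    return parser.links["openid.server"]


def honest_redirect(op_endpoint, claimed_id, return_to):
    """An honest relying party redirects the browser to the discovered provider
    with a checkid_setup request; the password is typed on the provider's host."""
    params = {
        "openid.mode": "checkid_setup",
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.trust_root": return_to,
    }
    return f"{op_endpoint}?{urlencode(params)}"


def phishing_redirect(op_endpoint, phisher_host):
    """The phishing relying party runs the same discovery, but instead of
    redirecting to the provider it serves a lookalike login page on its own
    host, branded after whichever provider discovery just found."""
    provider_host = urlsplit(op_endpoint).hostname
    return f"https://{phisher_host}/login?{urlencode({'brand': provider_host})}"


def login_form_is_genuine(login_url, op_endpoint):
    """User-side check: the page asking for the provider password must live on
    the provider's host (the one discovery pointed at), not on the relying party."""
    return urlsplit(login_url).hostname == urlsplit(op_endpoint).hostname


if __name__ == "__main__":
    op = discover(IDENTITY_PAGE)
    honest = honest_redirect(op, "https://example-provider.net/alice",
                             "https://honest-rp.example/finish")
    phish = phishing_redirect(op, "phisher.example")
    print("honest RP sends you to :", honest)
    print("phishing RP sends you to:", phish)
    print("honest form genuine?    ", login_form_is_genuine(honest, op))
    print("phishing form genuine?  ", login_form_is_genuine(phish, op))
```

The check in `login_form_is_genuine` is only as good as the user’s knowledge of what their provider’s host really is; a lookalike domain defeats it, which is exactly why the post argues that the weak point is the password form itself rather than any one provider.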
OpenID is a great system we’d all like to see succeed, but in its current form it must be used rather cautiously and with an eye out for attacks like those Marco describes: before typing your provider password, check that the page asking for it really belongs to your provider and not to the site you were trying to log into.
Trackback url for this post: http://www.openparenthesis.org/2007/03/27/open-phishing/trackback