Open Phishing

Published on Tuesday, March 27 2007

(via Rod Begbie)

Marco Slot has written up a “Beginner’s Guide to OpenID Phishing” to demonstrate how vulnerable the popular distributed identity system can be to impersonation / person-in-the-middle attacks.

The real problem, of course, is the reliance on username/password based authentication schemes, and the ease with which a login form (for the OpenID provider itself) can be spoofed – even dynamically spoofed so that the phishing site can be reacting in real time to whatever provider you’ve used.

OpenID is a great system we’d all like to see succeed, but in it’s current form it must be used rather cautiously and with an eye out for attacks like those Marco describes.

Did you like this? Share it:

Related posts:

  1. Better Security Through Open Source
  2. Walmart.com on open source
  3. Open Source Year in Review (Webinar)
  4. AJAX, Open Source, and Business Models
  5. Dr. Dobb’s Journal – MyMap cross-provider API
Tags: , ,
 
 
0 Comments. Leave a comment or send a Trackback.

 

Comment:

 
 

Subscribe

rss Subscribe in an rss reader, or

By email:

Archives

Tag Cloud

AJAX Assembled Web BlackJack blog blogs Boston Browsers Collaboration comments Community conference Content Management Creative Commons Design Development Drupal ecommerce Enterprise 2.0 facebook Flash Free Software Gadgets google Linux Marketing media mobile NGI Open Source Optaros OSCON Plugin Research RSS social media social networking sxsw07 Travel Twitter Ubuntu ugc Video Web 2.0 WordPress wpbook

Creative Commons

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 License.