Open Phishing | Open Parenthesis

March 27, 2007

« Previous (Older) Post: Zimbra Desktop?
Next (Newer) Post: Optaros Executive Events – “Unleashing the power of Web 2.0 and Open Source” »

Open Phishing

Tagged with: NGI, Open Source, Web 2.0 — John @ 2:51 am

(via Rod Begbie)

Marco Slot has written up a “Beginner’s Guide to OpenID Phishing” to demonstrate how vulnerable the popular distributed identity system can be to impersonation / person-in-the-middle attacks.

The real problem, of course, is the reliance on username/password based authentication schemes, and the ease with which a login form (for the OpenID provider itself) can be spoofed – even dynamically spoofed so that the phishing site can be reacting in real time to whatever provider you’ve used.

OpenID is a great system we’d all like to see succeed, but in it’s current form it must be used rather cautiously and with an eye out for attacks like those Marco describes.

Comments Off

Trackback url for this post: http://www.openparenthesis.org/2007/03/27/open-phishing/trackback

Comments are closed.

Additional comments powered by BackType

« Previous (Older) Post: Zimbra Desktop?
Next (Newer) Post: Optaros Executive Events – “Unleashing the power of Web 2.0 and Open Source” »

About Me

Open Parenthesis is a blog about free and open source software, next generation internet strategy, and the assembled web, written by John Eckman (me).

I'm a Sr. Director at Optaros, a professional services firm offering strategy, design, development, and consulting services to enterprises interested in leveraging free and open source software.

More About Open Parenthesis

John Eckman on LinkedIn

Optaros Blogs

Creative Commons

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 License.

Lifestream

OH: So my final story is . . . [jeckman]

— 17h ago via Twitter
Going off menu (@ Anchor and Hope) http://4sq.com/2STj2C [jeckman]

— 23h ago via Twitter
I'm at Radisson San Francisco Airport Bayfront (5000 Sierra Point Parkway, Brisbane). http://4sq.com/bJpryd [jeckman]

— 2d ago via Twitter
I'm at San Francisco International Airport (SFO) (SFO, Millbrae) w/ 67 others. http://4sq.com/MTivk [jeckman]

— 2d ago via Twitter
#sxsw sponsor Fail this year to Zone bars - just too many of them everywhere. I could build a house out of all the zone bars I was offered [jeckman]

— March 16th via Twitter
#sxsw sponsor marketing award this year for Cheverolet - sponsored power strips throughout the venue, plus the test drives and Volt [jeckman]

— March 16th via Twitter
Published WPBook 1.5.2 released.

— March 15th via openparenthesis.org
4 veggie tacos at #ntn nuclear tacos #sxsw - I've been waiting a year for that! thanks @nucleartacos - a volunteer org [jeckman]

— March 15th via Twitter
#sxsw we're on a train to nowhere . . . Why are they taunting us with light rail we can't ride? [jeckman]

— March 15th via Twitter
Dries on Drupal (@ SXSW / ACC - Ballroom B w/ @katherined) http://4sq.com/9ZWeBM [jeckman]

— March 15th via Twitter