About Me

Hi. I'm John Eckman.

I'm a Sr. Director at Optaros, a professional services firm offering strategy, design, development, and consulting services to enterprises interested in leveraging free and open source software.

This work is licensed under a Creative Commons Attribution 3.0 License.
March 27, 2007

Open Phishing

— John @ 2:51 am

(via Rod Begbie)

Marco Slot has written up a “Beginner’s Guide to OpenID Phishing” to demonstrate how vulnerable the popular distributed identity system can be to impersonation / person-in-the-middle attacks.

The real problem, of course, is the reliance on username/password-based authentication schemes, and the ease with which a login form (for the OpenID provider itself) can be spoofed, even dynamically, so that the phishing site reacts in real time to whichever provider you’ve used.

OpenID is a great system we’d all like to see succeed, but in its current form it must be used rather cautiously and with an eye out for attacks like those Marco describes.
