/dev/random

If it works, don't fix it.

Beginner’s guide to OpenID phishing

I already talked about OpenID (here or here). OpenID is a web based solution which provides single sign-on to other websites: once authenticated via a “provider“, you are able to use a lot of services (websites) via “consumers“. This system is very user-friendly but is also a good target for phishers! Why?

A lot of commercial or financial websites are victims of phishing attacks. Today, there is a business behing malicious activities. You’ve money or personal data which also have a price on the underground market (SS#, CC#, …).

As more and more services are compatible with OpenID, the risks of phishing attacks are much more critical. If you loose your OpenID credentials, you’re potentially vulnerable on *ALL* the compatible websites! Marc Oslot wrote a good paper about OpenID phishing: Beginner’s guide to OpenID phishing.

Diving into the OpenSSH code... 3 hrs ago
Just discovered that #OpenSSH allows multiple "Port" or "ListenAddress" entries in sshd_config. Useful! 8 hrs ago
Dear v€ndor$, if you send an invitation for a webcast, please avoid 404 ;-) #communication #fail #again 13 hrs ago
Received today a notification from Twitter about the new "OAuth" mechanism will be in place on 31/08! #communication #fail 14 hrs ago
Next #OWASP Belgium Chapter meeting announced: 21th Sep http://tinyurl.com/2bkl2hd 14 hrs ago
Back to work... First, 0xCOFFEE! 15 hrs ago
Switched from Tweetie to Twitter (official app). I hate being forced to use alternative apps. #freedom 1 day ago
Level completed! Kids successfully dropped at school! Next level now... 1 day ago
Cleaning my garage and found back some dinosaurs! :-) http://yfrog.com/n4lm6mj 2 days ago
Simply explained: CTRL-V, CTRL-X, CTRL-Z http://tinyurl.com/23ptfvt 2 days ago
More updates...

/dev/random

Beginner’s guide to OpenID phishing

Leave a Reply

Recent Posts

Recent Tweets

Archives

Categories

Meta

Security Focus