Google announced its so-called OpenID launch, which scared me again about OpenID
I'm not totally against the OpenID concept, I'm just paranoid about it at this stage.
Here's my take on
Wednesday, October 29, 2008
3 comments:
Nice presentation. I was not sure how CSRF or XSS vulnerabilities would get particularly influenced for better or for worse by using OpenID.
Phishing of course is a big problem, and using extensions such as Seatbelt for Firefox might be useful.
Are those vulnerabilities with OpenID there with CardSpace too? I believe both work on almost the same methodology.
@Dhananjay
XSS and CSRF can be used for many "good" things.
Depending on client-side security like an FF extension is not a very good idea. I feel client-side security is for geeks only; what about the common man? Even you know how much a common man knows about security.
@Vikram
Frankly speaking, I haven't tried any attack on CardSpace yet, so I can't comment at this moment. If you do so, please let me know too.