[development] OpenId open to phishing attacks.
Augustin (Beginner)
drupal.beginner at wechange.org
Wed Nov 7 06:58:45 UTC 2007
On Wednesday 07 November 2007 14:28, Derek Wright wrote:
> Phishing is inherently about tricking humans into compromising
> their own security. OpenID isn't unique in this regard -- look
> at how well many phishing operations work, regardless of the
> underlying authentication mechanism.
Ok, thanks.
However, it seems to me that the OpenId protocol seems to make
phishing easier. I agree that there is no perfect solution, but there
is no need to actually make it easy to con the users.
I followed some of the links, read the discussion:
OpenID: Phishing Heaven
http://www.links.org/?p=187
Solving the OpenID phishing problem
http://simonwillison.net/2007/Jan/19/phishing/
I'll look if the later can be implemented for Drupal in a few months
from now.
Blessings,
Augustin.
More information about the development
mailing list