Comments on: MyOpenID: New anti-phishing tools available

By: The Security Roundtable » Blog Archive » The Security Roundtable for February 2007 - OpenID

Thu, 15 Mar 2007 19:55:56 +0000

[...] Ideas to respond: http://kveton.com/blog/2007/01/24/myopenid-new-anti-phishing-tools-available/ [...]

By: OpenID的安全性问题 | OpenID Planet-OpenID动态，关注网站身份验证服务

OpenID的安全性问题 | OpenID Planet-OpenID动态，关注网站身份验证服务 — Thu, 01 Mar 2007 05:27:44 +0000

[...] 这些办法之中的任何一个都不可能完全的解决OpenID的安全问题，但是如果把这些办法都综合起来成为一个工具，那是否可以解决部分问题呢？ [...]

By: OpenID的安全性问题 | OpenID Planet

OpenID的安全性问题 | OpenID Planet — Tue, 13 Feb 2007 03:42:35 +0000

[...] 这些办法之中的任何一个都不可能完全的解决OpenID的安全问题，但是如果把这些办法都综合起来成为一个工具，那是否可以解决部分问题呢？ [...]

By: OpenID的安全性问题 at OpenID Planet

OpenID的安全性问题 at OpenID Planet — Mon, 12 Feb 2007 17:02:44 +0000

[...] 这些办法之中的任何一个都不可能完全的解决OpenID的安全问题，但是如果把这些办法都综合起来成为一个工具，那是否可以解决部分问题呢？ [...]

By: Charles Darke

Charles Darke — Tue, 06 Feb 2007 22:39:28 +0000

I’ve put up proof of concept code which validates against IP instead of using passwords so there is no opportunity to phish.

See http://digitalconsumption.com/forum/A-simple-solution-to-OpenID-phishing-attacks

By: OpenID And Phishing on iface thoughts

OpenID And Phishing on iface thoughts — Fri, 02 Feb 2007 05:19:39 +0000

[...] Well, one of the solutions is to tell the provider to not ask for a password when redirected from other sites. What you do is whenever you start surfing, first log into your OpenID provider. Now you are not redirected to your provider for entering your password. MyOpenID.com has implemented this anti-phishing technique. [...]

By: Clipperz

Clipperz — Thu, 01 Feb 2007 16:16:05 +0000

OpenID, before you get too excited…

In the last months OpenID definitely gained momentum. Everyone is running to provide support and integration.

But what about OpenID phishing risks?

It’s undeniably true that OpenID makes life easier to phishers: they no longer have to mimic Pay…

By: Jack Mottram

Jack Mottram — Thu, 25 Jan 2007 13:24:14 +0000

Nice one. It’s especially good to see how quickly the MyOpenID folk reacted to the phishing concerns.

Also, that’s a good point you made about OpenID being vulnerable to phishing, but also having a certain degree of protection built in thanks to user familiarity with their login page.

By: Luis

Luis — Wed, 24 Jan 2007 16:38:13 +0000

Well, pass on the congrats to them, then. I’m sure they’ve been hearing a lot of it, of course.

By: kveton

kveton — Wed, 24 Jan 2007 16:35:54 +0000

I'm just the guy that does the blog posts ... :-) ... its the team of dedicated developers here at JanRain that is doing the hard work ... glad it worked for you!