Google announced so called OpenID launch which scared me again about OpenIDI'm not totally against OpenID concept, I'm just paranoid about it at this stage.Here's my take on
ByRohit Srivastwaat9:14 PM
Nice presentation. I was not sure how CSRF or XSS vulnerabilities would get particularly influenced for better or for worse by using OpenID. Phishing of course is a big problem, and using extensions such as Seatbelt for Firefox might be useful.
Are those vulnerabilities with OpenID are with CardSpace too? , I believe both works on almost same methodology.
@Dhananjay XSS and CSRF can be used for many "good" things.Depending on client side security life FF extension is not a very good idea, I feel client side security is for geeks only, what about common man. Even you know how much a common man knows about security@VikramFrankly telling, I haven't tried any attack on CardSpace yet. So can't comment at this moment. If you do so, please let me also know.
Post a Comment