Wednesday, October 29, 2008

Google announced so called OpenID launch which scared me again about OpenID
I'm not totally against OpenID concept, I'm just paranoid about it at this stage.

Here's my take on


Dhananjay Nene said...

Nice presentation. I was not sure how CSRF or XSS vulnerabilities would get particularly influenced for better or for worse by using OpenID.

Phishing of course is a big problem, and using extensions such as Seatbelt for Firefox might be useful.

Vikram Pendse said...

Are those vulnerabilities with OpenID are with CardSpace too? , I believe both works on almost same methodology.

Rohit Srivastwa said...

XSS and CSRF can be used for many "good" things.
Depending on client side security life FF extension is not a very good idea, I feel client side security is for geeks only, what about common man. Even you know how much a common man knows about security

Frankly telling, I haven't tried any attack on CardSpace yet. So can't comment at this moment. If you do so, please let me also know.

Post a Comment