[Opensim-dev] OpenID
Dr Scofield
DrScofield at xyzzyxyzzy.net
Thu Mar 19 07:20:41 UTC 2009
Aldon Hynes wrote:
> Can someone point me to an authentication system that isn't susceptible to
> being phished?
as soon as you add an out-of-band channel, you have increased your security
quite a bit...
cheers,
dirk
>
> Aldon
>
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de
> [mailto:opensim-dev-bounces at lists.berlios.de]On Behalf Of Mike Mazur
> Sent: Tuesday, March 03, 2009 2:53 AM
> To: opensim-dev at lists.berlios.de
> Cc: ralf at ralf-haifisch.biz
> Subject: Re: [Opensim-dev] OpenID
>
>
> Hi,
>
> On Tue, 3 Mar 2009 08:40:03 +0100
> "Ralf Haifisch" <ralf at ralf-haifisch.biz> wrote:
>
>> being phished - you are talking about "getting the user's token"?
>
> The expected scenario is this:
>
> 1. Log into travel.com using OpenID
> 2. travel.com redirects you to myopenid.com for you to enter your pwd
> 3. You enter your valid OpenID password
> 4. myopenid.com redirects you back to travel.com, you are now authed
> 5. You book your ticket safely
>
> The phishing scenario is this:
>
> 1. Log into travol.com using OpenID
> 2. travol.com redirects you to BADopenid.com for you to enter your pwd.
> BADopenid.com looks just like myopenid.com, you don't notice the
> different URL and the lack of SSL session
> 3. You enter your valid OpenID password
> 4. Now the bad guys have access to your OpenID account, and all the
> services you use OpenID to authenticate with
>
> Mike
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
--
dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab
SL: dr scofield ---- drscofield at xyzzyxyzzy.net ---- http://xyzzyxyzzy.net/
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/
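
Added example, not part of the original thread: a check on the redirect target from step 2 of the two scenarios quoted above, of the kind a browser add-on or password manager could apply before the password is typed. The pinned host, the function name, the reason codes and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the user has pinned the single OpenID provider they really use.
PINNED_PROVIDER_HOST = "myopenid.com"


def check_login_redirect(url, pinned_host=PINNED_PROVIDER_HOST):
    """Return (ok, reason) for the URL a relying party redirected the browser to."""
    parts = urlsplit(url)

    # The "lack of SSL session" from the phishing scenario.
    if parts.scheme != "https":
        return False, "no-tls"

    # https://myopenid.com@other.example/ shows the trusted name first,
    # but the browser connects to the host after the '@'.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo"

    # urlsplit lower-cases the hostname; drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")

    # Non-ASCII or punycode labels can render as a look-alike of the pinned name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "idn-lookalike"

    # Exact match on purpose: "myopenid.com.example" and "badopenid.com"
    # both contain or resemble the trusted name without being it.
    if host != pinned_host:
        return False, "wrong-host"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample redirect targets, using the host names from the thread.
    samples = [
        "https://myopenid.com/signin",
        "http://BADopenid.com/signin",
        "https://BADopenid.com/signin",
        "https://myopenid.com@badopenid.com/signin",
        "https://myopenid.com.example/signin",
    ]
    for s in samples:
        print(s, "->", check_login_redirect(s))
```

The check only helps if it runs somewhere the page being checked cannot influence, which is the point of the out-of-band remark in the reply.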