domingo, 25 de marzo de 2007

OpenID Phishing: Guía para principiantes | Kriptópolis

OpenID is a web-based, distributed authentication protocol set to become a standard way of signing in to websites. OpenID enables you to keep control over your own identity by separating identity 'providers' and 'consumers'. You register your 'identity' or 'account' at a single OpenID provider and then you have instant access to a vast array of service providers that are OpenID consumers. However, with great power comes great responsibility. OpenID is highly susceptible to phishing attacks unless proper counter-measures are taken by the providers. We will demonstrate how to do a very simple phishing attack that already works for most OpenID providers. We will also give some possible (non-)solutions to the problem.

OpenID Phishing: Guía para principiantes | Kriptópolis
Publicar un comentario