If you want see how this really happens, you can try out OpenID Phishing demo . And if you don't want to try it out Mike Jones has illustrated how OpenID Phishing demo works in his blog post "Gone Phishing". Stefan Brands also summarizes security issues of OpenID in his post “The problem(s) with OpenID”. And further, Ben Laurie’s describes this problem in more detail in his post "OpenID: Phishing Heaven" . In response, Simon Willison suggests how OpenID providers can help to reduce the risk of phishing. The idea is to make users directly go to the OpenID provider without redirecting them or making them follow links. According to Simon, “Instead of displaying the login form directly, providers should show a page that looks something like this: To log in, please navigate to login.example.com. The page your are currently viewing should contain no links; if there are any links or this text is changed in any way you may become a victim of online identity theft.”. He also suggests that OpenID provider URLs should be short, distinctive and memorable to make this effective. Yes, most of people agree that the best solution to prevent phishing is to educate the users but then again is this really possible ? Will some ordinary person will remember this if he is forwarded impersonating web sites which will directly offer a login screen or a link. Will someone who don't care a thing about what is on address bar will notice that is is not http://myopenid.com ?
One way of doing this is OpenID providers forcing users to use bookmark to login to OpenID provider. My OpenID's SafeSignIn is one such solution. But if someone impersonating the OpenID provider puts up a nice message saying as a new feature now you can login directly without using the bookmark how many people will fall in to that. Another solution is to use some pre configured images or icons , so that only the real provider can present you with the image/icon you chose and if you don't see the image/icon you can notice that you have landed on a spoofed site. Yahoo Sign in Seal and My OpenID's Personal Icon are two such solutions. But again, this depends on how much user is aware of these features. VeriSign's OpenID SeatBelt Plugin is another approach taken to prevent phishing. This plugin has an “Enable Phish Detection” option and when it is enabled, it tries detect phishing attempts when we are redirected to OpenID providers and always redirect us to the legitimate OpenID provider. Another solution is to use OpenID with Infocards.Kim Cameron talks on how to prevent phishing attacks with Infocard in detail in his blog post "Integrating OpenID and Infocard" .There are seems to be many other custom efforts to avoid phishing attacks but OpenID seems to be moving to a standard solution.
OpenID Provider Authentication Policy Extension (PAPE) specification tries to solve this problem by enabling OpenID relying parties to request that a phishing-resistant authentication method be used by the OpenID provider and for providers to inform relying parties whether a phishing-resistant authentication method was used. So if the OpenID provider doesn't authenticate the user in a phishing resistant way, OpenID provider should let the relying party know that it didn't use phishing resistant authentication so the relying party can decide what to do. But is this completely bullet proof ? This only guarantees that OpenID provider used a phishing resistant authentication this time as replying party asked so and it doesn't necessarily mean that it always used a phishing resistant authentication. What if some phisherman, impersonated a relying party and user has already become a victim of a phishing attack. Then when the legitimate relying party asks the open id provider to do the authentication in a phishing resistant manner, still the phisherman can succeed as he has already got the necessary information.
So it seems, protecting an average user from phishing only using the technology (without educating him with security concerns ) is a pretty hard thing. And yeah, we have to agree it is an inherent problem and not a problem of OpenID itself. So will we be able to get rid of phishing without users support just using the technology ? May be we will, someday. Who knows ....
Bookmark this post with:
18 comments:
A study last yearnike tn, the author in the essay read NIKE , a reporter at the Shanghai headquarters in an interview, nike chaussuressee a pr in high school to read a league plans, employees interviewed told reporters in Beijing's streets, they children to interview, the children said, "truly understand them." tn chaussures These words, if the author touches product function, brand spirit and culture is to become part of the consumer of two basic methods
There are spyder jackets 10 pcs of excellent Ralph Lauren multi-colored stripe big pony cheap columbia jackets. These products are more soft and comfortable for being made of breathable and durable mesh cotton .cheap polo shirtsthere are lots of colors and sizes for your choice, just pick up one you like ,it is absolutely value for money.
Lacoste Polo Shirts, ralph Lauren polo shirts , Burberry Polo Shirts.wholesale Lacoste polo shirts and polo ralph laurenwith great price. clothingol.com offers lot of 10 lacoste polo shirts and lot of 20 cheap polo shirts. clothingol.com offers classic fit polo shirts. polo clothing
Bon March¨¦ Chaussure PumaChaussure Sports Shop:baskets pumaChaussure Puma Femme,Chaussure Puma Homme,Chaussure Nike Femme,Chaussure Nike homme,nike shoxChaussure Sport et plus. Livraison Rapide.Cheap Brand Jeans ShopMen Jeans - True Religion Jeans, Women JeansGUCCI Jeans, Levi's Jeans, D&G Jeans, RED MONKEY Jeans, Cheap JeansArmani Jeans, Diesel Jeans, Ed hardy Jeans, Evisu Jeans, Jack&Jones Jeans...
http://alisasweety.blog126.fc2.com/
http://d.hatena.ne.jp/chinawholesalers/
http://www4.atword.jp/wholesalefromchina/
http://blog.goo.ne.jp/buyproductswholesale
http://chinawholesalers.easyjournal.com/
There are ed hardy shirts
,pretty ed hardy shirt for men,
ed hardy womens in the ed hardy online store
designed by ed hardy ,
many cheap ed hardy shirt ,glasses,caps,trouers ed hardy shirts on sale ,
You can go to edhardyshirts.com to have a look ,you may find one of ed hardy clothing fit for you
Top qualitymen's jacket,
These cheap jacket are on sale now,you can find
north face jackets inmage on our web
Ralph Lauren Polo Shirts,buberry polo shirts
Do you wannaghd hair straighteners for you own , we have many
cheap ghd hair straightenersin style and great,you can choose one from these
hair straighteners
Authentic chaussure puma
chaussure sport
And chaussure nike shoes
Come here to have a look of our Wholesale Jeans
Many fashionMens Jeans ,eye-catching
Womens Jeans ,and special out standing
Blue Jeans ,you can spend less money on our
Discount Jeans but gain really fine jeans, absolutely a great bargain.
www.crazypurchase.com
China Wholesale
wholesale from china
buy products wholesale
China Wholesalers
http://www.weddingdressseason.com
fantastic!God bless you!Meanwhile,you can visit my China Wholesale,we have the highest quality but the lowest price fashion products wholesale from China.Here are the most popular China Wholesale productsfor all of you.You can visit http://chinaclothes.net.Also the polo clothing is a great choice for you.
Do not mean bad.Thank you so much!I just want to show some fashion things to all of you.I like puma speed, puma femmes and other puma shoes. These puma sport items are at store recently and available for anyone.
Perfect!!You are a outstanding person!Have you ever wore chaussures puma,Here are the most popular puma CAT,Puma shoes store gives some preview of puma speed cat,and casual but no sweat puma basket.
God bless you!I really agree with your opinions.Also,there are some new fashion things here,gillette razor blades.gillette mach3 razor bladesfor men.As for ladies,gillette venus razor blades must the best gift for you in summer,gillette fusion blades are all the best choice for you.
Awesome!!!Best wishes for you !!cheap polo shirts is the father of the summer should be prepared to most commonly used item, it has both style and shape of Ralph Lauren Polo, and vest with a random function polo ralph lauren, so that in the short-sleeved apply to both on many occasions, the pink and black color men's polo shirts brought into effect, lightweight cotton, linen texture to demonstrate masculine temperament and sense of fashion exhaustively.
Thank you so much!!polo shirt men'ssweate,Burberry Polo Shirts lacoste sweater, ralph lauren Columbia Jackets,ski clothing. Free Shipping, PayPal Payment. Enjoy your shopping experience on mensclothingus.com.You can find the father who desire fashionable, intellectual mens clothing simultaneously.
real life
chaussures puma zone
chaussures puma online
polo shirts lj's blog
mensclothingus
ugg boots'camp
In preparation for the purchase of a tennis racquetbefore, we must consider your financial ability to bear; On this basis, a further comparison, as far as possible, choose your head tennis racquets. Now a lot of babolat pure drive and more mixed materials, the proportion of mixed-use to control the stiffness of the babolat aeropro drive and the shock-absorbing capacity, the more rigid babolat tennis racket, the swing more powerful force; but the relative resilience of the shock-absorbing capacity and wilson k factor performance of talks on the easier it is for the wrist and elbow injury.
Wholesale Handbags
Cheap Handbags
Womens Handbags
Cheap Purses
Designer Handbags
Burberry polo shirt the steady, solid, so many young girls also love it. Speaking of people of a ralph lauren polo, think it a sign of nobility elegant waving in the horse club.spyder jacket in the cold in your winter activities can be easily.columbia jacket it is expensive, but here you do not need to consider the price of it. the north face jacket one of my favorite money, I do not know how many in this world of its fans.
ed hardy clothing
ed hardy clothes
ed hardy shirts
ed hardy t-shirts
ed hardy sunglasses
ed hardy mens
ed hardy womens
Burberry polo shirt the steady, solid, so many young girls also love it. Speaking of people of a ralph lauren polo, think it a sign of nobility elegant waving in the horse club.spyder jacket in the cold in your winter activities can be easily.columbia jacket it is expensive, but here you do not need to consider the price of it. the north face jacket one of my favorite money, I do not know how many in this world of its fans.
ed hardy clothing
ed hardy clothes
ed hardy shirts
ed hardy t-shirts
ed hardy sunglasses
ed hardy mens
ed hardy womens
http://2009tennis.blogspot.com/
http://www.free-blog-site.com/tennis
http://o3.indiatimes.com/racquet/
http://cid-8c8a918b06ff68fd.spaces.live.com/?lc=2052
http://2009tennis.cocolog-nifty.com/
http://2009tennis.blog.drecom.jp/
http://2009tennis.blog.shinobi.jp/
http://www.actiblog.com/slary/
http://pshirts.blog126.fc2.com/
http://www.free-blog-site.com/shirts
http://nikepuma.blog.shinobi.jp/
http://hardy55.blog126.fc2.com/
http://cid-f80137f6d1a8020b.spaces.live.com/?lc=2052
http://www2.atword.jp/sdgdyhd/
http://kurumaro.com/hardy/
http://hardyclothes.jugem.jp/
http://www.actiblog.com/sfawagfra/
http://thediary.org/cheaphandbags/
http://ameblo.jp/kaowy/
http://sale.edublogs.org/
http://www2.atword.jp/jak/
http://09handbags.blog126.fc2.com/
http://sun15.cocolog-nifty.com/
http://ameblo.jp/ailsa15/
http://junior2tennis.blog.shinobi.jp/
Post a Comment