Internet Strategy Guide

Together we can defeat the internet

Thursday, February 12, 2009

openid seems to hate me

been trying to comment on Chris Shiflett's post on the twitter "Don't Click" debacle and can't seem to get authenticated through openid. so having to post my reply here (below).

caveat: i'm not an expert on anything and a n00b at a lot of things

liked the article, however I want to disagree that it isn't a csrf attack since "The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have authenticated" (according to wikipedia [oh no, i'm that guy. *sigh*]). @ramsey said it didn't affect him because he wasn't logged in on the website.

It seems to me that it used clickjack ui redressing to carry out the authentication exploit.

Want to know the funny thing? The only reason I logged into the website was to follow @shiflett.

posted by chance at 11:40 am  
