csrf – Internet Strategy Guide (https://phpprotip.com)

openid seems to hate me
https://phpprotip.com/2009/02/openid-seems-to-hate-me/
Thu, 12 Feb 2009 19:40:04 +0000

been trying to comment on Chris Shiflett’s post on the twitter “Don’t Click” debacle and can’t seem to get authenticated through openid. so having to post my reply here (below).

caveat: i’m not an expert on anything and a n00b at a lot of things

liked the article, however I want to disagree that it isn’t a csrf attack since “The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have authenticated” (according to wikipedia [oh no, i’m that guy. *sigh*]). @ramsey said it didn’t affect him because he wasn’t logged in on the website.

It seems to me that it used clickjack ui redressing to carry out the authentication exploit.

Want to know the funny thing? The only reason I logged into the website was to follow @shiflett.
