Monday, May 26, 2008 - Posts

• Even Phishers Have Their Problems

  While gone phishing, I discovered that the use of JavaScript puts one barrier up that phishers have to overcome to impersonate a legitimate site. In a characteristically hilarious post, Paul Madsen points out that, besides having to overcome active defenses like Sxipper (“Down girl!”), phishers may also inadvertently present pages localized for their locale, [...] Read More... Posted Monday, May 26, 2008 4:37 PM from Mike Jones: self-issued | 1 Comments Filed under: OpenID, Phishing Resistance

• Gone Phishing

  Fun Communications’ site idtheft.fun.de lets you mount your very own man-in-the-middle based phishing attack against the OpenID provider of your choosing. Rather than redirecting you to the OpenID provider you specify, it instead redirects you to a page impersonating the OpenID provider, created using content scraped from the real site behind the scenes. This is [...] Read More... Posted Monday, May 26, 2008 5:58 AM from Mike Jones: self-issued | 0 Comments Filed under: Information Cards, OpenID, Windows Cardspace, Phishing Resistance

• Fun Communication’s Fun Identity Innovations

  Johannes Feulner of Fun Communications recently showed me three different identity sites they’ve created, each fun and valuable in its own way. The first, www.webcard-loyalty.com , lets companies create online loyalty cards for their customers. Read More... Posted Monday, May 26, 2008 5:57 AM from Mike Jones: self-issued | 1 Comments Filed under: Information Cards, OpenID, Phishing Resistance