OpenID provides a better security model

published: March 24th, 2008

I couple of posts back I’ve started a conversation on what OpenID is and why it could turn a bit insecure. You can read more about this over here, here and here. Today, I would like to draw your attention on why I believe that OpenID based authentication is a lot more more secure then the dispersed, decentralized, authentication model we use today.

This post is inspired by a recent discussion on Full-Disclosure which I vividly took part in, supporting OpenID. [...]

more | comments | comments rss | posted by pdp

Hijacking OpenID enabled Accounts

published: February 3rd, 2008

It has been a long time since I last spoke about OpenID. Today I would like to draw your attention to a tiny problem, which I found among several OpenID solutions. The problem is indeed tiny but the overall outcome is concerning.

CSRF – It comes very handy. It seams that no matter how much you talk about it, very few pay attention on the problem. And it is not a problem that you can afford to have. [...]

more | comments | comments rss | posted by pdp