On 3/22/07, Josh Hoyt <[EMAIL PROTECTED]> wrote: > On 3/22/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > MyOpenID have fixed the problem with their site now so I shall give > > everyone on this list 1 week from now to contact me (29th March). I > > have had two people contact me regarding the problem and 1 beta > > OpenID server was affected and the other wasn't. > > I was going to write up the issue on the JanRain blog. Would anyone > prefer that I wait to post my write up?
Note that the vulnerability only applies to users of Safari. I tested it with IE6, IE7, Firefox and Opera 9 and users of those browsers were not exposed. Also note that the vulnerability is due to what I consider a flaw in Safari's JavaScript security. Josh _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
