-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That is true the browser affected was safari but another OpenID server was vulnerable to the same sort of attack across multiple browsers.
On Thu, 22 Mar 2007 17:00:57 +0000 Josh Hoyt <[EMAIL PROTECTED]> wrote: >On 3/22/07, Josh Hoyt <[EMAIL PROTECTED]> wrote: >> On 3/22/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> > MyOpenID have fixed the problem with their site now so I shall >give >> > everyone on this list 1 week from now to contact me (29th >March). I >> > have had two people contact me regarding the problem and 1 >beta >> > OpenID server was affected and the other wasn't. >> >> I was going to write up the issue on the JanRain blog. Would >anyone >> prefer that I wait to post my write up? > >Note that the vulnerability only applies to users of Safari. I >tested >it with IE6, IE7, Firefox and Opera 9 and users of those browsers >were >not exposed. Also note that the vulnerability is due to what I >consider a flaw in Safari's JavaScript security. > >Josh -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkYCwKYACgkQrR8fg3y/m1BBhQP+ID0Z2qRfRvEDbuQ/anTH3Cz0nENE XM+HWn+/gf+dkKX9nqL6uhkPW+6doWbdN4eTEKEuX600kkFxN8cgoumr5FcVfBAM/GvZ QoKkE+79Cc75kSmKsmTDs3AWjLnQn+cMo8eZbf9BiCZtRuzQSlmIs1JtP7WuC7KneQAY MiEIMUg= =L8cO -----END PGP SIGNATURE----- -- Click to lower your debt and consolidate your monthly expenses http://tagline.hushmail.com/fc/CAaCXv1QPxbBLttJpi0620CaUa7fNdNI/ _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
