-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone
I would like to release the details of the exploit but I also don't want to create problems for any users of OpenID services. I think the exploit is important not because it is a browser vulnerability that creates the hole but it is the concept that can produce other holes. I will not release the exploit publicly because of the amount of sites I have found that contain this vulnerability but are also affected across browsers. If anyone wishes to have the details of the exploit then I will happily provide the sample code, if you can prove to me that you actually have an OpenID service and you own that service. Unfortunately due to time restraints I have not finished my research on this subject so you can expect me to make sure that you are all on your toes when it comes to security in the near future. Cheers Gareth -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkYc8ScACgkQrR8fg3y/m1BeKAP+IuvTkdQJKU0YWruGfgHzHRLTmTtE oTN52cn5u0GksEn6cLlHeR25Np5ia2VYj3Oak4h/JL1MutoBmlRsRygfRZ/mnHa7Kh3l vKvGo17wmakkpUchSTGZAtbyHPbalQ6HKCOA4PD4bNV5QdG2rw2s6b+ibrpzhWbDgE6h r6BfThs= =PTXV -----END PGP SIGNATURE----- -- Click to become an artist and quit your boring job http://tagline.hushmail.com/fc/CAaCXv1P277pdNYiQo49V4muCzzgNvjc/ _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
