Oops, sent from the wrong address:

On Dec 4, 2008, at 11:39, Luke Faraone <[EMAIL PROTECTED]> wrote:
> Ever seen those popups that try to look like Windows dialogs to get
> you to install spyware? The same can be done here, and Sugar doesn't
> help by naming Browse's spawned windows as "rainbow-daemon"...
>
> The point is moot, however, because the user is simply giving his
> authorization (not a password), and the Jabber authentication
> messages have to originate from the actual XO. (or machine with that
> JID).
>
> -lf
>
> On Dec 4, 2008, at 10:59, "Sebastian Silva"
> <[EMAIL PROTECTED]> wrote:
>> Second, and more importantly, if we do this right, his description of
>> the problem does not bite us because a child is already logged in by
>> the time he goes outside to the wild phishing monster filled world.
>> If the fake OpenID sends you to a fake user/pass page (weren't we
>> discussing passwordless?) - it should be suspicious since he'll know
>> he's already logged in.
>>
>> Also, more importantly, if the login confirmation is done via the GUI
>> (and not a website), then the problem is gone (how can you fake a
>> Sugar dialog from a website?).

_______________________________________________
Sugar mailing list
Sugar@lists.laptop.org
http://lists.laptop.org/listinfo/sugar