On 3/22/07, Josh Hoyt <[EMAIL PROTECTED]> wrote: > On 3/22/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > MyOpenID have fixed the problem with their site now so I shall give > > everyone on this list 1 week from now to contact me (29th March). I > > have had two people contact me regarding the problem and 1 beta > > OpenID server was affected and the other wasn't. > > I was going to write up the issue on the JanRain blog. Would anyone > prefer that I wait to post my write up?
I have done a write-up [1] that explains who was exposed by the vulnerability, and the effect of the exploit, but does not contain the technical details of the exploit. I'll post the technical details and how we fixed the problem after the 29th. Josh 1. http://janrain.com/blog/2007/03/22/myopenid-security-fix/ _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
