-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have also reported the bug to Apple so any providers which do not fix this problem should be safe once Apple release a bug fix.
On Thu, 22 Mar 2007 17:45:50 +0000 [EMAIL PROTECTED] wrote: >That is true the browser affected was safari but another OpenID >server was vulnerable to the same sort of attack across multiple >browsers. > >On Thu, 22 Mar 2007 17:00:57 +0000 Josh Hoyt <[EMAIL PROTECTED]> >wrote: >>On 3/22/07, Josh Hoyt <[EMAIL PROTECTED]> wrote: >>> On 3/22/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >>> > MyOpenID have fixed the problem with their site now so I shall >>give >>> > everyone on this list 1 week from now to contact me (29th >>March). I >>> > have had two people contact me regarding the problem and 1 >>beta >>> > OpenID server was affected and the other wasn't. >>> >>> I was going to write up the issue on the JanRain blog. Would >>anyone >>> prefer that I wait to post my write up? >> >>Note that the vulnerability only applies to users of Safari. I >>tested >>it with IE6, IE7, Firefox and Opera 9 and users of those browsers >>were >>not exposed. Also note that the vulnerability is due to what I >>consider a flaw in Safari's JavaScript security. >> >>Josh -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkYDo2IACgkQrR8fg3y/m1BI3gP/Z/I+4KDAeh4A26jnIZfmqIxrvJgx EokOSE9CvYqbpdprxJPZi4U/ZH0NfUfWGAhItarFN0rQ2RoXlclTuQZeJQBPVw8Aojcm f8Gvo4bXWE/mX/LTHrZ1+5pR9WfNGnmlL/4M2y20HI+cInfbLAvRKOwRywxr9m1zMqvP jIvmrJ8= =G3J2 -----END PGP SIGNATURE----- -- Click to get 125% of your home's value, super fast, no lender fees http://tagline.hushmail.com/fc/CAaCXv1QaK2AVITKMKgp9A9LYZGGJs2i/ _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
