-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all again
I have also released details of a Safari beta vulnerability:- www.thespanner.co.uk/2007/06/29/safari-same-origin-hole/ Basically the document.domain property can be manipulated on IE6, IE7 and Safari so it would be of great concern for OpenID providers. This is why I suggest always asking for a password on a site confirmation. Cheers Gareth -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkaFIEoACgkQrR8fg3y/m1Di5AP/VTN/OOmmolhK+rdTGczl0nOY4oCy rg+uTjlYIX6yltTQyy2GD7sj2YgZg+wfwC6ov6yMY6//Opi3r5fSIiGME0Mhj+mplA+l uizHW6iLCyI8AqsCDQqIAthSWmi6R/ZhOdFUWaMq1qduwzJ6hX56GTouvedykUnwPSM5 uFzB7sM= =a28B -----END PGP SIGNATURE----- -- Need cash? Apply now for a credit loan with fast approval http://tagline.hushmail.com/fc/Ioyw6h4d9GwEm0FPs58JLYOkiKVDgahgMOjrFD5eoajaeMrbyrXHXm/ _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
