OpenID now an attractive target

January 21, 2008 at 8:10 pm 4 comments

I was reading Peter Griffin’s article in the NZ Herald called Managing your online identity today. Most of it was straightforward coverage of OpenID and the critical mass that Yahoo provides.

Towards the end of the article he says, “With that many Yahoo users in the OpenID camp you can bet hackers will try to gain access.” Yes but, more importantly, OpenID is now at a stage where it has become economically attractive for the bad guys to spend some serious efforts and resources on attacking it.

These guys are “rational” and organised. So far, attacking OpenID was not a rational use of resources. Now with critical mass, all that has changed.

I think it is safe to predict that in the near future we are going to see OpenID protocols, implementations, and user experience (for social engineering) coming under intense scrutiny and probed in ways that it hasn’t so far.

In some ways, that’s a good thing as it will help strengthen OpenID. But, getting there may be a bit painful.

Advertisements

Entry filed under: fraud, identity, OpenID, security.

UK: technology to the rescue Sir Edmund Percival Hillary, 1919-2008

4 Comments Add your own

  • […] Original post by Vikram […]

    Reply
  • 2. Openid » OpenID now an attractive target  |  January 21, 2008 at 9:49 pm

    […] Vikram wrote an interesting post today on OpenID now an attractive targetHere’s a quick excerptTowards the end of the article he says, “With that many Yahoo users in the OpenID camp you can bet hackers will try to gain access.” Yes but, more importantly, OpenID is now at a stage where it has become economically attractive for the … […]

    Reply
  • 3. mitch  |  January 22, 2008 at 11:44 am

    Certainly security is one of the pending questions for OpenID. If there is only one key to the entire internet, the password theft becomes exponentially more important.

    There are two more secure OpenID’s available already.

    Verisign offers OpenID with username and password, but users can opt to upgrade to a hardware token one-time password at their own expense.

    myVidoop.com offers OpenID with a unique software-only one-time password at no cost to users.

    Both solutions protect against keylogging, phishing, and brute force. One is paid (Verisign); the other is free for users (myVidoop.com.)

    Reply
  • 4. Pages tagged "attractive"  |  January 31, 2008 at 8:26 pm

    […] bookmarks tagged attractive OpenID now an attractive target saved by 3 others     ilovesasuke401 bookmarked on 01/31/08 | […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter

Error: Twitter did not respond. Please wait a few minutes and refresh this page.

Feeds


%d bloggers like this: