Archive for January, 2007

Phishing and OpenID: Bookmarks to the Rescue?

Saturday, January 20th, 2007

OpenID, as currently used for single sign-on, facilitates phishing.
Using OpenID, you can establish an account at any identity provider you like, and then use it to log in to any OpenID-enabled website.  Unfortunately, the way it’s currently deployed, described, and demonstrated, OpenID makes users even more susceptible to phishing than they are without it.  [...]

Posted in Authentication, Ideas | 33 Comments »

Disclosure and Voting System Security

Friday, January 12th, 2007

Ben Adida and I worked together with the Samuelson Law, Technology, and Public Policy Clinic to produce a letter to the Minnesota Secretary of State in response to requests that were denied last year due to fears that they might compromise security.  The letter argues for more public disclosure of voting system information and [...]

Posted in General | 1 Comment »