Slashdot Mirror

← Back to Domains

Domain: openid.net

Stories and comments across the archive that link to openid.net.

Stories · 8

  1. Facebook's Biggest Bounty Yet To Hacker Who Found "Keys To the Kingdom"

    It · Facebook · · posted by timothy · from the yeah-let's-talk dept. · 111 comments
    mask.of.sanity writes "Facebook has paid out its largest bug bounty of $33,500 for a serious remote code execution vulnerability which also returned Facebook's etc/passwd. The researcher could change Facebook's use of Gmail as an OpenID provider to a URL he controlled, and then sent a request carrying malicious XML code. The Facebook response included its etc/passwd which contained essential login information such as system administrator data and user IDs. The company quickly patched the flaw and awarded him for the proof of concept remote code execution which he quietly disclosed to them."

  2. OpenID Warns of Serious Remote Bug, Urges Upgrade

    It · Security · · posted by timothy · from the slew-of-myriads-of-plethoras dept. · 45 comments
    Trailrunner7 writes "The OpenID Foundation is warning users about a weakness in the software that could enable an attacker to change some of the data exchanged between parties that use OpenID. The group is telling sites that implement OpenID to update to a new version in order to fix the problem. The bug in OpenID lies in the system's Attribute Exchange, an extension that gives sites the ability to exchange identity information between endpoints. OpenID, an open source project that enables users to prove their identity to myriad sites without providing their passwords, is used by a slew of popular sites, including Google, Yahoo and Flickr."

  3. OpenID Foundation Embraced by Big Players

    Tech · Internet · · posted by Zonk · from the friends-in-high-places dept. · 167 comments
    An anonymous reader writes "The OpenID Foundation has announced that Google, IBM, Microsoft, VeriSign and Yahoo! have all joined its board. It's exciting to see OpenID being embraced by such large players, but its also a concern that such big corporates are now directly influencing the fledgeling foundation. 'Today there are over a quarter of a billion OpenIDs and well over 10,000 websites to accept them. OpenID has grown to be implemented by major open source projects such as Drupal, cornerstone Web 2.0 services such as those by 37signals and Six Apart, as well as a mix of large companies including as Apple, Google, and Yahoo!. Today is about truly recognizing the accomplishments of the entire OpenID community which has certainly grown beyond the small grassroots community where it started in late 2005.'"

  4. OpenID Foundation Embraced by Big Players

    Tech · Internet · · posted by Zonk · from the friends-in-high-places dept. · 167 comments
    An anonymous reader writes "The OpenID Foundation has announced that Google, IBM, Microsoft, VeriSign and Yahoo! have all joined its board. It's exciting to see OpenID being embraced by such large players, but its also a concern that such big corporates are now directly influencing the fledgeling foundation. 'Today there are over a quarter of a billion OpenIDs and well over 10,000 websites to accept them. OpenID has grown to be implemented by major open source projects such as Drupal, cornerstone Web 2.0 services such as those by 37signals and Six Apart, as well as a mix of large companies including as Apple, Google, and Yahoo!. Today is about truly recognizing the accomplishments of the entire OpenID community which has certainly grown beyond the small grassroots community where it started in late 2005.'"

  5. AOL Now Supports OpenID

    Yro · Aol · · posted by Zonk · from the making-progress dept. · 163 comments
    Nurgled writes "On Sunday John Panzer announced that AOL now has experimental OpenID server support. This means that every AOL user now has an OpenID identifier. OpenID is a decentralized cross-site authentication system which has been growing in popularity over the last few months. AOL is the first large provider to offer OpenID services, and though they do not currently accept logins to their services with OpenID identifiers from elsewhere, they are apparently working on it. The next big challenge for OpenID proponents is teaching AOL's userbase how to make use of this new technology."

  6. Gates Says Microsoft Will Support OpenID

    Yro · Internet · · posted by kdawson · from the who-i-am dept. · 73 comments
    An anonymous reader writes "In his RSA conference keynote today, Bill Gates announced that Microsoft will support the decentralized OpenID digital identity protocol, in addition to WS-* and CardSpace (transcribed notes, video). From its roots in LID, i-names, and Sxip, the first major deployment in LiveJournal, and now with support from Techorati, Magnolia, Symantec, a suspected mass-deployment by AOL, and a number of startups — using URLs as digital identities has caught hold."

  7. Digital Identities Now Available

    · posted by ryuzaki0 · from the true-names dept. · 170 comments
    Largecranium writes, "I-names, the only globally unique, resolvable namespace in parallel to the DNS system and compatible with OpenID, are being introduced during Digital ID World in Santa Clara. I-Names are only as useful as the services they enable; the services that are available today are interesting but not life-changing. The ones that are coming in the next 6-12 months could change the way people interact online. I-names and their value (today and tomorrow) are casually explained at iwantmynamenow.com." I-names are the lineal descendant of the technology that began as XNS and continues evolving today as XDI.

  8. LiveJournal Founder Launches OpenID System

    Internet · · posted by ryuzaki0 · from the who-are-you? dept. · 172 comments
    geekdreams writes "Brad Fitzpatrick, the founder of LiveJournal, has launched OpenID, an 'actually distributed identity system' for websites that accept user comments. The system utilizes decentralized servers to authenticate users, and aims to replace centralized ID systems such as Microsoft's Passport and SixApart's TypeKey. The first implementation of OpenID can be seen on LiveJournal comments pages." Previously mentioned on Slashdot, now out of development.