I tried the phishing demo and, even without using an Infocard, saw some indicators that would flag to even the most obtuse user that something was amiss.
The first clue was a warning from a faithful watch dog
Hmmm, Sxipper smells smoke, and is barking furiously to wake me up.
No bitch (Sxipper is female no?) is going to tell me what to do, so I persevered.
After going through the mental inventory of available OpenIDs alphabetically, I chose Blogger as OP.
The phishing RP sent me to the facsimile Blogger.
This set my spidy senses tingling. As my German is restricted to ordering 'Ein Stein' at the Hoffsbrau House, this seemed strange. Was this some new Blogger program to expand my linguistic horizons?
Not knowing the privacy policy of the demo site with respect to how they would handle my Blogger credentials, I stopped there.
2 comments:
Alphabetically? Hmm... since you can't delete it... why'd you skip over, what I'm guessing is, the first one in your list? ;-)
Actually George, I specifically defined the OpenID that you are referring to so that it would appear last in the list
zebra.aol.com
My way of skewing the selection algorythm.
paul
Post a Comment