2012 Oct 1, 6:33
According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not
display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.
The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log
in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to
booby-trapped imposter sites.
2012 Sep 13, 5:00 2011 Nov 14, 7:51
Includes ‘511 Network Authentication Required’ for airport/hotel/coffee shop scenarios! Am I too excited about this?
2010 Oct 28, 6:32 2010 Oct 4, 2:05
Proposed 428 HTTP error code for hijacking proxies to indicate to the client the user needs to login to the network etc. Glad to see this one's finally happening.
2009 Nov 30, 6:31
"At Mozilla Labs, we’ve been working on some potential integrations of identity directly into the browser. Note, this is an extremely rough draft." Looks pretty!
2009 Nov 23, 11:28
"Thanks to the utilization of new technology, we're now seeing large-scale success in eliminating the need for passwords while increasing the successful registration rate at websites to over
90%...In addition, after a thorough evaluation of the security and privacy of these technologies, the same techniques are being piloted by President Obama's open identity initiative to enable
citizens to sign in more easily to government-operated websites."
2009 Apr 29, 12:34
"In this presentation, recorded at QCon San Francisco 2008, HTTPbis WG chair Mark Nottingham gives an update on the current status of the HTTP protocol in the wild, and the ongoing work to clarify
the HTTP specification."
2009 Apr 20, 3:37
Web service that hosts avatar images for things like blog comments. The image is ID'ed by a hash of the user's email address. Auto generated or if the user signs up, the image can be whatever they
upload. Lots of plugins for different blogging platforms.
2009 Jan 22, 9:48
"Revocation presents another challenge. If a system relies only on a biometric for both identity and authentication, how do you revoke that factor? Forgotten passwords can be changed; lost smartcards
can be revoked and replaced. How do you revoke a finger?"
2008 Apr 24, 9:41
This is a CAPTCHA in which you must id the center of subimages in a collage and then choose the correct caption for a second a photo. It took me seven tries to click close enough to the center of a
subimage. I'm human I swear! Lame implementation.
2008 Apr 7, 2:55
"The PHP OpenID library lets you enable OpenID authentication on sites built using PHP."
2007 Nov 28, 4:43
How to use FOAF and OpenID together and how DIG used that as a basis for commenting on their blog.
2007 Sep 11, 12:01 2007 Mar 19, 3:13
Documentation on setting up SSH to use keys.
2007 Mar 13, 3:54
A blog article on creating group OpenIDs.
2007 Mar 13, 3:53
A service that provides anonymous OpenIDs with no authentication.
2007 Mar 13, 3:53
The OpenID Specification
2007 Mar 13, 2:08
OpenID is an open identification system for the Internet in which anyone can participate.
2007 Mar 13, 7:57
I had a few thoughts after reading about OpenID
. However, after doing only a very small amount of digging I can see these aren't new thoughts.
Have an OpenID that anyone can use because it performs no authorization. You'd specify a URI like http://deletethis.net/anonymousopenid/yournamehere and you'd immediately get an anonymous OpenID
associated with that URI. This has already been implemented by Jayant Gandhi.
Have an OpenID that consists of a group of member OpenIDs. To login as the Group OpenID you need to login with any of the member OpenIDs. This is discussed more by Dmitry Shechtman on his blog.
I find that I already have a couple of OpenIDs without even trying due to AOL giving out OpenIDs. I'd like for all of my
OpenIDs to point to one canonical OpenID. It looks like this may already be possible by the OpenID
I guess I'm a little late to the scene.