Bitcoin Forum
September 25, 2018, 10:21:37 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: myopenid.com security flaw  (Read 1782 times)
alkor
Full Member
***
Offline Offline

Activity: 137
Merit: 100


View Profile
July 13, 2011, 12:08:15 AM
 #1

Intersango relies on myopenid.com for user identification. However, it has been reported in the past that myopenid ids can vanish for no reason. It has been discussed here for example:

http://meta.stackoverflow.com/questions/88451/myopenid-account-mysteriously-vanished

Most disturbing of all, once your account is deleted it can be recreated by another person, and they can log into all the sites that rely on your id.
1537914097
Hero Member
*
Offline Offline

Posts: 1537914097

View Profile Personal Message (Offline)

Ignore
1537914097
Reply with quote  #2

1537914097
Report to moderator
Einax Airdrops and Bounties made easy! List your ERC-20 token
FREE
ETH markets launching soon!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537914097
Hero Member
*
Offline Offline

Posts: 1537914097

View Profile Personal Message (Offline)

Ignore
1537914097
Reply with quote  #2

1537914097
Report to moderator
1537914097
Hero Member
*
Offline Offline

Posts: 1537914097

View Profile Personal Message (Offline)

Ignore
1537914097
Reply with quote  #2

1537914097
Report to moderator
Donald_Norman
Member
**
Offline Offline

Activity: 101
Merit: 10


View Profile
September 01, 2011, 12:05:33 PM
 #2

Hi,

I would like to point out that the title of the thread is a bit misleading. It is not an Intersango security flaw but one with myOpenID. I am not sure if myOpenID fixed the problem but as far as I know has never been an issue. Still the new version of Intersango does not rely on myOpenID
w1R903
Full Member
***
Offline Offline

Activity: 218
Merit: 100


View Profile
September 07, 2011, 06:08:09 PM
 #3

Please let's remember that myOpenID is only one of dozens of reputable Open ID providers.  If your site accepts OpenID, you might consider advising users to avoid myOpenID, but there's absolutely no reason to avoid OpenID altogether.  In fact, even if you don't trust any of the providers you find, with a little technical knowledge and a server, you can yourself become an OpenID provider (roll your own).

4096R/F5EA0017
joeyjoe
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
September 22, 2011, 10:16:46 AM
 #4

haha thats nothing, earlier this week i explained and demonstrated how easy it is to steal btc from there.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!