[joomla] RE: $5 securid authentication hack
Anthony Ferrara
ircmaxell at yahoo.com
Wed Oct 17 11:28:28 EDT 2007
If I saw this on a site, I would laugh, and close the
browser... I'm not inputting PayPal info into a 3pd
website... What I am suggesting is creating an SSO
website, where you order a "Fob", and it has the
API... So you log in to that site (without a
password), and it authenticates you against that
remote SSO server...
--- "Jonathan M. Slivko" <jonathan at slivko.org> wrote:
> Do we know if there's an API of sorts for "official"
> 3rd party integration?
> -- Jonathan
>
> -----Original Message-----
> From: Rolan Yang [mailto:rolan at omnistep.com]
> Sent: Wednesday, October 17, 2007 10:25 AM
> To: NYPHP SIG: Joomla
> Cc: jonathan at slivko.org
> Subject: $5 securid authentication hack
>
> At the Joomla Day during the security breakout
> session, the discussion
> drifted towards various methods of login
> authentication. The topic of
> SecurId was mentioned as being an expensive
> alternative. I just noticed
> today that Paypal is offering a SecurId keychain fob
> for $5. It would be
> simple to write a small php authentication function
> which acted as a
> proxy to paypal, accepting an email, password, and
> securId code, sending
> off an https request, parsing the response and
> returning a TRUE or
> FALSE authenticated result.
>
> One caveat: if your website security is
> compromised, any paypal
> information submitted could be divulged, so if you
> plan to test this in
> an insecure environment, it's best for users to open
> up a new unfunded
> paypal account not linked to any bank.
>
> I'll post some sample code when my Paypal securId
> arrives in the mail :)
>
> ~Rolan
>