do it. think it. blog it! ... a twisted world

Monday Mar 13, 2006

I just logged into Kim's blog (www.identityblog.com) using an InfoCard and was redirected to his Blog Admin page.


What was interesting was that at the bottom of the blog admin page was a link to browsehappy.com.


The first page of browsehappy.com has text that reads: "Internet Explorer can make your computer unsafe. Why not switch to a browser that's more secure?".

I read that and thought.... {{{nothing}}} I Know, I Know, browsehappy.com and wordpress are interlinked...

ALSO: I sent an InfoCard carrying Kim's own first name, last name and email address (from Kim's InfoCard invoker code I saw that the only claims he requested from a card were first name, last name and email address) and was able to log in with that card too. With either my own InfoCard or a FAKE InfoCard carrying Kim's own details I could not do much on the site. But the point is that, regardless of whether the claims were genuine, a "user" was provisioned on his blog.


QUESTION: what if millions of users or a BOT did that? Would Kim "provision" all of them in his local DB?
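To make the provisioning risk concrete, here is an added relying-party sketch (not Kim's code, not any CardSpace library) that keys accounts on the issuer plus the PPID claim instead of the self-asserted name and email, treats the email as unverified until confirmed, and caps unconfirmed auto-provisioned accounts per issuer. The claim URIs are the standard WS-Identity ones; the token is a constructed dict standing in for an already decrypted and signature-checked token, and the issuer URL and cap are hypothetical.

```python
from collections import Counter

# Standard WS-Identity claim URIs used by InfoCard/CardSpace.
NS = "http://schemas.xmlsoap.org/ws/2005/05/identity"
GIVEN, SURNAME, EMAIL, PPID = (
    f"{NS}/claims/{c}"
    for c in ("givenname", "surname", "emailaddress", "privatepersonalidentifier")
)
SELF_ISSUER = f"{NS}/issuer/self"            # self-issued (personal) cards

TRUSTED_ISSUERS = {"https://idp.example.org/sts"}   # hypothetical managed-card issuer
MAX_UNCONFIRMED_PER_ISSUER = 3                      # hypothetical cap on unconfirmed accounts

users = {}                 # (issuer, ppid) -> account record
unconfirmed = Counter()    # issuer -> accounts still awaiting email confirmation


def provision(token):
    """Return (status, account) for a decrypted, signature-verified token (constructed dict)."""
    issuer, claims = token["issuer"], token["claims"]
    ppid = claims.get(PPID)
    if not ppid:
        return "rejected: no PPID to key the account on", None
    key = (issuer, ppid)   # a card with copied name/email but another PPID is a different key
    if key in users:
        return "login", users[key]
    if issuer != SELF_ISSUER and issuer not in TRUSTED_ISSUERS:
        return "rejected: untrusted issuer", None
    if unconfirmed[issuer] >= MAX_UNCONFIRMED_PER_ISSUER:
        return "rejected: too many unconfirmed accounts from this issuer", None
    account = {
        "display_name": f"{claims.get(GIVEN, '')} {claims.get(SURNAME, '')}".strip(),
        "email": claims.get(EMAIL),
        "email_verified": False,      # self-asserted email is not proof of ownership
        "role": "subscriber",         # least privilege until the address is confirmed
        "issuer_trusted": issuer in TRUSTED_ISSUERS,
    }
    users[key] = account
    unconfirmed[issuer] += 1
    return "provisioned", account


def confirm_email(issuer, ppid):
    """Called when the confirmation link sent to the account's email is followed."""
    account = users[(issuer, ppid)]
    if not account["email_verified"]:
        account["email_verified"] = True
        account["role"] = "contributor"   # role upgrade only after confirmation
        unconfirmed[issuer] -= 1
    return account
```

Two self-issued cards that both claim to be Kim end up as two separate accounts, and a bot churning out cards hits the unconfirmed-account cap rather than filling the database.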

Tasteless Joke: InfoCard can be good business for the storage folks.

PS: I HAD to use Internet Explorer 7 to be able to use InfoCard. No standard Web browser would work (at least for now).
Interesting, aye!! ;-)

Comments:

Can't the relying party specify to only accept digital identities from a specific IP? If so, then wouldn't this prevent the spoofing that you are talking about? If the relying party is willing to accept self-generated InfoCards they will get trash, and I would think that is also to be expected. As far as eliminating passwords, the IP can require a Kerberos validation. Personally, I think the use of a smartcard device that acts in the role of IP is the way to go.

Posted by Jay Potter on March 15, 2006 at 02:16 PM EST #

Hi Jay,

IP addresses can be spoofed more easily.......

Posted by Rohan Pinto on March 15, 2006 at 03:20 PM EST #

Is it the case that the identities being allowed to login have to be preauthorized in some way, or is this allowing people to create accounts 'on the fly' on Kim Cameron's blog?

Posted by Nicholas Cotton on March 18, 2006 at 10:58 AM EST #

Hi Nicholas, the accounts are created on the fly. But there also is a subscription email confirmation that's required. Confirming the email address "probably" adds a role to the user profile that has been "pre-provisioned", from "subscriber" to "contributor". That's just a hunch...

Posted by Rohan Pinto on March 19, 2006 at 11:29 AM EST #
