Terrell Russell: This Old Network » krotty http://weblog.terrellrussell.com Ideas on interconnections, identity, and information from all sides. Thu, 22 Dec 2011 15:31:03 +0000 en hourly 1 http://wordpress.org/?v=3.1.3 OpenIDs at LiveJournal leaking auth info http://weblog.terrellrussell.com/2007/05/openids-at-livejournal-leaking-auth-info/ http://weblog.terrellrussell.com/2007/05/openids-at-livejournal-leaking-auth-info/#comments Thu, 24 May 2007 02:11:26 +0000 Terrell Russell http://weblog.terrellrussell.com/2007/05/openids-at-livejournal-leaking-auth-info/ Joseph Petviashvili (krotty), creator of the Skype-based Bitchun Society, writes today about his detection that LiveJournal is leaking his auth info via the check_immediate feature in OpenID. I haven’t seen any other discussion of this. Can anyone confirm?

open id from livejournal is not safe

If you are logged in to livejournal, that information can be shared with third parties without your consent through OpenID. Right now livejournal.ru and kommersant.ru are doing it.

Have not found a way to disable it, they are using http://www.livejournal.com/openid/server.bml?openid.mode=checkid_immediate and livejournal is giving out my auth info without asking…

]]> http://weblog.terrellrussell.com/2007/05/openids-at-livejournal-leaking-auth-info/feed/ 5