The dangers of CSS iframe overlays

Hi all

I've create a proof of concept which highlights the problem of
single sign on providers not providing iframe protection and
remembering the password.

The demo uses a Verisign account (It was the first provider I found
without iframe protection)

<http://www.thespanner.co.uk/2007/09/28/openid-security-css-
overlays/>

Cheers

Gareth

_______________________________________________
security mailing list
security@...
http://openid.net/mailman/listinfo/security