Attack Against Apache.org
This blog entry should serve as a model for open and transparent security self-reporting. I'm impressed.
More news reports.
Posted on April 27, 2010 at 1:26 PM
>how does this interact with the idea of OpenID?
I would have thought OpenID was a solution to this. Unless you logged in directly to your OpenID provider and their system was compromised, by having only a token rather than a username/password at each site aren't you rather more secure?
My understanding is that you authenticate the site at the OpenID end rather than entering any secret at each site.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.