comment page for
blogs and articles
Enter any name (or email address):
Verified when you submit.
Your entry up to the @ will be shown as the comment author. Email addresses are optional. Addresses are encrypted and never revealed and never used for spam. See the
OpenID users, check this!
Your nickname will be shown as the comment author. Email addresses are encrypted and never revealed and never used for spam. See the
Enter your comment here, to appear below the original article.
Solve the simple anti-spam puzzle:
send a request
Cancel (return to the blog)
Original article and comments:
I have a box fetish...
(Wed, 01 Aug 2006 12:00:02 GMT)
Comment from 5kewvs9o on Sat, 21 Nov 2015 17:39:04 GMT:
Thanks for the heads-up on this phishing theard, Edward, it's very interesting reading. (Did I just call a security theard interesting? What is happening to me???)It strikes me, though, that beyond (potentially) spoofing someone's identity in comments on a blog, there isn't much that can be done with a stolen OpenID identity? Also, since it is in the nature of phishing attacks that the phisher has little or no control over whose identity is being hijacked, it makes the value of impersonating J. Random Blog-Commenter moot. Or am I missing something important?
Coming soon: I'd like to incorporate
, a free service that associates avatars with email addresses. So, if you enter an email address, my blog can show your avatar and you don't have to register with gocek.org. But I'm concerned about impersonation, so I also plan to support
, another free service that provides authentication. OpenID means that you can register with one OpenID provider, and then use that login with any other site that supports it, and OpenID is becoming popular. This means that gocek.org does not need to have its own user registrations, but the blogs can verify that the user is who he or she claims to be. The blogs will still take anonymous comments, but will note that some comments were left by "verified" users.