[joomla] RE: $5 securid authentication hack

Jonathan M. Slivko jonathan at slivko.org
Wed Oct 17 11:33:15 EDT 2007


.... I mean while taking PayPal out of the loop.
-- Jonathan

-----Original Message-----
From: joomla-bounces at lists.nyphp.org [mailto:joomla-bounces at lists.nyphp.org]
On Behalf Of Anthony Ferrara
Sent: Wednesday, October 17, 2007 11:28 AM
To: NYPHP SIG: Joomla
Subject: Re: [joomla] RE: $5 securid authentication hack

If I saw this on a site, I would laugh, and close the
browser... I'm not inputting PayPal info into a 3pd
website... What I am suggesting is creating an SSO
website, where you order a "Fob", and it has the
API... So you log in to that site (without a
password), and it authenticates you against that
remote SSO server...
--- "Jonathan M. Slivko" <jonathan at slivko.org> wrote:

> Do we know if there's an API of sorts for "official"
> 3rd party integration?
> -- Jonathan
> 
> -----Original Message-----
> From: Rolan Yang [mailto:rolan at omnistep.com] 
> Sent: Wednesday, October 17, 2007 10:25 AM
> To: NYPHP SIG: Joomla
> Cc: jonathan at slivko.org
> Subject: $5 securid authentication hack
> 
> At the Joomla Day during the security breakout
> session, the discussion
> drifted towards various methods of login
> authentication. The topic of
> SecurID was mentioned as being an expensive
> alternative. I just noticed
> today that PayPal is offering a SecurID keychain fob
> for $5. It would be
> simple to write a small PHP authentication function
> which acted as a
> proxy to PayPal, accepting an email, password, and
> SecurID code, sending
> off an https request, parsing the response and
> returning a TRUE or
> FALSE authenticated result.
>
> One caveat: if your website security is
> compromised, any PayPal
> information submitted could be divulged, so if you
> plan to test this in
> an insecure environment, it's best for users to open
> up a new unfunded
> PayPal account not linked to any bank.
>
> I'll post some sample code when my PayPal SecurID
> arrives in the mail :)
> 
> ~Rolan
> 
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 

