Simon Willison’s Weblog


Friday, 19th January 2007

The NHL’s All-Star voting disaster. The NHL ran an online poll to decide which players are picked for their All-Star Game. The only authentication was a poorly implemented CAPTCHA. Unsurprisingly, it got gamed.

# 9:50 am / gaming, nhl, security, captcha, stupid

MySpace Blocking Widgets? Making your business dependent on revenue from MySpace is sharecropping of the worst possible kind.

# 9:54 am / myspace, sharecropping, widgets

Introducing: World Explorer and TagMaps. “Can we automatically extract information from Flickr geotagged images to create a rich visualization of the world we live in? The answer is: you bet.”

# 9:55 am / yrb, tagging, flickr, maps

TagMaps. The toolkit behind the new YRB World Explorer, available to developers as a reusable Flash component.

# 10:01 am / tagmaps, worldexplorer, yrb, flash

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on misunderstandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]

Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner.

# 5:32 pm / openid, phishing

I can also sum things up for you even more succinctly:

  • users are task oriented, driving to complete the goal the quickest way possible
  • users pay more attention to the content area than the browser chrome
  • users don't understand how easy it is to spoof a website

Mike Beltzner

# 5:33 pm / openid, phishing