Wow, there are some fantastically stubborn, yet civil minds in that thread. I li... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		callahad on July 16, 2010 \| parent \| context \| favorite \| on: Password crack [affecting OAuth and OpenID] could ... Wow, there are some fantastically stubborn, yet civil minds in that thread. I like Nate's reference to writing a blog post "to help people skip the standard progression of awareness to timing attacks." "Standard progression of awareness" is a wonderful term.

blasdel on July 16, 2010 | [–]

The reply in question: http://lists.openid.net/pipermail/openid-security/2010-July/...

brown9-2 on July 17, 2010 | [–]

Seriously. Kudos to Nate Lawson for being so patient in explaining the vulnerability he found in the developer's code to the developers themselves.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact