I am trying to understand how a site accepting OpenID logins cannot be hacked by simply editing the hosts file to point to a dummy OpenID provider.
Suppose, for example, that I want to hack Joe Smith's account, and let's assume his OpenID provider is http://jsmith.myopenid.com . What would prevent me from creating an entry in my hosts file pointing jsmith.myopenid.com to an IP address that I control? I would then fake the authentication and return a response saying that the user has successfully logged in.
I know that there will be an SSL mismatch warning in the browser, but since it is my browser, I could easily ignore it. How does the requesting website know that the response it receives is actually from the site that was requested?
This seems like a basic attack, and I'm sure the people behind OpenID built the solution into it; I just don't know the right terms to search for to find the answer.
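To make the question concrete, the following is an added example (not part of the original post) of the check an OpenID 2.0 relying party performs on the response that comes back through the browser. The provider signs the assertion with an HMAC key that it and the relying party agreed on directly, server to server, before the user was ever redirected; the relying party also discovers the provider's endpoint itself, using its own DNS, and rejects any response claiming a different endpoint. The MAC key, association handle, endpoint path and the `rp.example` URLs below are constructed for the demo and are not real values from myopenid.com.

```python
import base64
import hashlib
import hmac

# Constructed sample association: the MAC key the relying party (RP) and the
# OpenID provider (OP) share from a prior direct association step. It never
# passes through the browser, so editing a hosts file does not reveal it.
ASSOC_HANDLE = "assoc-demo-1"
ASSOC_MAC_KEY = hashlib.sha256(b"constructed-demo-secret").digest()  # 32 bytes, HMAC-SHA256

# Endpoint the RP itself discovered for http://jsmith.myopenid.com (path assumed).
DISCOVERED_ENDPOINT = "https://www.myopenid.com/server"
RETURN_TO = "https://rp.example/openid/return"

# Fields OpenID 2.0 requires to be covered by the signature of a positive assertion.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}


def kv_form(fields, signed):
    """Key-value form encoding: one 'name:value\\n' line per signed field, in order."""
    return "".join(f"{name}:{fields['openid.' + name]}\n" for name in signed).encode("utf-8")


def sign_response(fields, mac_key):
    """What the OP does: base64(HMAC-SHA256(mac_key, key-value form of signed fields))."""
    signed = fields["openid.signed"].split(",")
    digest = hmac.new(mac_key, kv_form(fields, signed), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_response(fields, assoc_handle, mac_key, expected_endpoint, expected_return_to):
    """What the RP does with the response the browser delivers. Returns (ok, reason)."""
    if fields.get("openid.ns") != "http://specs.openid.net/auth/2.0":
        return False, "not an OpenID 2.0 message"
    if fields.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = fields.get("openid.signed", "").split(",")
    required = set(REQUIRED_SIGNED)
    if "openid.claimed_id" in fields:
        required |= {"claimed_id", "identity"}
    missing = required - set(signed)
    if missing:
        return False, f"unsigned fields: {sorted(missing)}"
    # The endpoint must be the one the RP discovered on its own, not whatever the response claims.
    if fields.get("openid.op_endpoint") != expected_endpoint:
        return False, "op_endpoint does not match the endpoint the RP discovered"
    if fields.get("openid.return_to") != expected_return_to:
        return False, "return_to mismatch"
    if fields.get("openid.assoc_handle") != assoc_handle:
        return False, "unknown association handle"
    expected_sig = sign_response(fields, mac_key)
    if not hmac.compare_digest(expected_sig, fields.get("openid.sig", "")):
        return False, "bad signature"
    return True, "ok"


def genuine_response():
    """Constructed positive assertion as the real OP would sign it."""
    fields = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": DISCOVERED_ENDPOINT,
        "openid.claimed_id": "http://jsmith.myopenid.com/",
        "openid.identity": "http://jsmith.myopenid.com/",
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": "2024-01-01T00:00:00Zdemo123",
        "openid.assoc_handle": ASSOC_HANDLE,
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    fields["openid.sig"] = sign_response(fields, ASSOC_MAC_KEY)
    return fields


def forged_response():
    """What the dummy provider from the question can produce: the same fields,
    but signed with a key it had to make up, since it never did the association."""
    fields = dict(genuine_response())
    fields["openid.sig"] = sign_response(fields, b"attacker-guessed-key")
    return fields


if __name__ == "__main__":
    args = (ASSOC_HANDLE, ASSOC_MAC_KEY, DISCOVERED_ENDPOINT, RETURN_TO)
    print("genuine:", verify_response(genuine_response(), *args))
    print("forged: ", verify_response(forged_response(), *args))
```

The hosts-file trick only redirects the attacker's own browser; the relying party's association request and discovery go from the relying party's server to the provider, so the fake provider never obtains the MAC key and its assertion fails the signature check. (Relying parties that do not keep associations instead post the response back to the discovered endpoint with `openid.mode=check_authentication`, which has the same effect.)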