calendar
« Apr12345678910111213141516171819202122232425262728293031 Jun »

German Students Break CardSpace Security

Dieser Text ist im Cache von metaowl.de - das Original ist hier zu finden.
Three students from the Ruhr-University Bochum in Germany were able to intercept the security tokens and, based on that, read the plain text of the cards' content, e.g. name, credit card number and other things. They basically did this by means of an extended man-in-the-middle attack through DNS manipulation:
We study the security of Cardspace and show that the browser-based protocol is susceptible to attacks, where the adversary steals the security token. Consequently, we prove evidence that users are impersonatable and the one who potentially suffer from identity theft. We confirm the practicability of the attack by presenting a proof of concept implementation. Finally, we discuss countermeasures, addressing both the CardSpace identity metasystem and the protocol.
See the short description and the full report (pdf).

Heise Security tried to reproduce the attack without success, though. Microsoft is already working on a solution.
von Ralf Bendrath, gepostet am Mittwoch, 28. Mai 2008 um 17:43
Aufgrund der Textinhalte könnten folgende Beiträge thematisch zu diesem Beitrag passen:
Stoppt die Vorratsdatenspeicherung! Jetzt klicken & handeln!Willst du auch bei der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien: