On Jan 17, 2012, at 1:16 46AM, Peter Gutmann wrote:
> Arshad Noor <[email protected]> writes:
>
>> A good analysis of the attack:
>>
>> http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs
>
> Interesting that we're finally starting to see these appear in practice,
> there's been a whole string of papers on MITM'ing smart cards (mostly in
> German, and related to online banking), but this is the first one I've seen
> that goes beyond proof-of-concept.
>
Yah. I mentioned the possibility in a talk at least 15 years ago, but
I haven't seen one in the wild, either.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography