On 17/01/12 17:30 PM, Steven Bellovin wrote:
On Jan 17, 2012, at 1:16 46AM, Peter Gutmann wrote:

Arshad Noor<[email protected]>  writes:

A good analysis of the attack:

http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs
Interesting that we're finally starting to see these appear in practice,
there's been a whole string of papers on MITM'ing smart cards (mostly in
German, and related to online banking), but this is the first one I've seen
that goes beyond proof-of-concept.

Yah.  I mentioned the possibility in a talk at least 15 years ago, but
I haven't seen one in the wild, either.


Yes. I get the feeling that this is a fundamental shift in attack / threat environment. It is as if before was all theoretical, and now it becomes real. 2011 seems to be a watershed? So, systems that were in the past seen as secure because they never faced a threat are now likely going face the music.

It's a bit like economics and finance. Predictions before the fact were washed out in the general noise of buy, buy, buy... And predictions after the fact aren't so satisfying :)

iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to