On 17/01/12 17:30 PM, Steven Bellovin wrote:
On Jan 17, 2012, at 1:16 46AM, Peter Gutmann wrote:
Arshad Noor<[email protected]> writes:
A good analysis of the attack:
http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs
Interesting that we're finally starting to see these appear in practice,
there's been a whole string of papers on MITM'ing smart cards (mostly in
German, and related to online banking), but this is the first one I've seen
that goes beyond proof-of-concept.
Yah. I mentioned the possibility in a talk at least 15 years ago, but
I haven't seen one in the wild, either.
Yes. I get the feeling that this is a fundamental shift in attack /
threat environment. It is as if before was all theoretical, and now it
becomes real. 2011 seems to be a watershed? So, systems that were in
the past seen as secure because they never faced a threat are now likely
going face the music.
It's a bit like economics and finance. Predictions before the fact were
washed out in the general noise of buy, buy, buy... And predictions
after the fact aren't so satisfying :)
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography