Il 25/09/2012 11:50, Peter Stuge ha scritto: >> IIUC that bit is not authenticated, so a MITM attack can force both the >> reader and the card think the other party doesn't support PIN auth, >> making the card sign the transaction anyway, regardless the amount >> involved. So IMVHO it's quite serious... > http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf Tks. That's the (or one of) article I remembered but couldn't find...
BYtE, Diego. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel