[cryptography] Sykipot variant hijacks DoD and Windows smart cards
iang at iang.org
Tue Jan 17 02:50:19 EST 2012
On 17/01/12 17:30 PM, Steven Bellovin wrote:
> On Jan 17, 2012, at 1:16 46AM, Peter Gutmann wrote:
>> Arshad Noor<arshad.noor at strongauth.com> writes:
>>> A good analysis of the attack:
>> Interesting that we're finally starting to see these appear in practice,
>> there's been a whole string of papers on MITM'ing smart cards (mostly in
>> German, and related to online banking), but this is the first one I've seen
>> that goes beyond proof-of-concept.
> Yah. I mentioned the possibility in a talk at least 15 years ago, but
> I haven't seen one in the wild, either.
Yes. I get the feeling that this is a fundamental shift in attack /
threat environment. It is as if before was all theoretical, and now it
becomes real. 2011 seems to be a watershed? So, systems that were in
the past seen as secure because they never faced a threat are now likely
going face the music.
It's a bit like economics and finance. Predictions before the fact were
washed out in the general noise of buy, buy, buy... And predictions
after the fact aren't so satisfying :)
More information about the cryptography