Friday, May 30, 2008

Students crack Microsoft CardSpace

Pre-Script: Please check out Kim's comment to this post and his blog for more details on this "breach": http://www.identityblog.com

This is a good thing. The more people looking at the security of CardSpace the better. The end result will be a more secure solution...

Students at the Ruhr University of Bochum, Germany, say they have found a way to steal security tokens in Microsoft's new CardSpace authentication framework. Attackers can apparently get access to protected, encrypted user data – such as passwords, credit card numbers, and delivery addresses – when they are transmitted.

http://www.heise-online.co.uk/news/Students-crack-Microsoft-CardSpace--/110823

Technorati Tags:
, , , ,

1 comment:

Anonymous said...

Jackson, please check out my post at http://www.identityblog.com.

The "breach" is not actually demonstrated. One must manually turn off the computer's defenses in order to assist the students. The student attack is not self contained, but requires two simultaneous and unspecified attacks to work.