
Re: German eID

From: Jan Wildeboer <jan@wildeboer.net>
Date: Tue, 08 Feb 2011 14:23:52 +0100
Message-ID: <4D5143E8.90508@wildeboer.net>
To: Martin Gaedke <martin.gaedke@informatik.tu-chemnitz.de>
CC: 'Henry Story' <henry.story@bblfish.net>, 'WebID XG' <public-xg-webid@w3.org>
On 02/08/2011 02:05 PM, Martin Gaedke wrote:
> Sorry for being silent this morning, I just bought one of those simple and
> insecure readers to play with. It is a REINER SCT cyber Jack RFID basis
> Contactless Smartcard Reader.

Our good friends at the Chaos Computer Club have already played with the 
system for quite a while:

http://www.h-online.com/security/news/item/CCC-reveals-security-problems-with-German-electronic-IDs-1094577.html

They forced the German ministry to pull back the official application as 
it lacked some fundamental security stuff (they didn't check the cert 
chain when connecting to https, allowing MITM to be performed in very 
simple ways etc.)

Jan
Received on Tuesday, 8 February 2011 13:24:23 UTC
