- From: Jan Wildeboer <jan@wildeboer.net>
- Date: Tue, 08 Feb 2011 14:23:52 +0100
- To: Martin Gaedke <martin.gaedke@informatik.tu-chemnitz.de>
- CC: 'Henry Story' <henry.story@bblfish.net>, 'WebID XG' <public-xg-webid@w3.org>
On 02/08/2011 02:05 PM, Martin Gaedke wrote: > Sorry for being silent this morning, I just bought one of those simple and > insecure readers to play with. It is a REINER SCT cyber Jack RFID basis > Contactless Smartcard Reader. Our good friends at the Chaos Computer Club have already played with the system for quite a while: http://www.h-online.com/security/news/item/CCC-reveals-security-problems-with-German-electronic-IDs-1094577.html They forced the german ministry to pull back the official application as it lacked some fundamental security stuff (they didn't check the cert chain when connecting to https, allwoing MITM to be performed in very simple ways etc.) Jan
Received on Tuesday, 8 February 2011 13:24:23 UTC