Re: German eID

On 02/08/2011 02:05 PM, Martin Gaedke wrote:
> Sorry for being silent this morning, I just bought one of those simple and
> insecure readers to play with. It is a REINER SCT cyber Jack RFID basis
> Contactless Smartcard Reader.

Our good friends at the Chaos Computer Club have already played with the 
system for quite a while:

http://www.h-online.com/security/news/item/CCC-reveals-security-problems-with-German-electronic-IDs-1094577.html

They forced the German ministry to pull back the official application as 
it lacked some fundamental security stuff (they didn't check the cert 
chain when connecting to https, allowing MITM to be performed in very 
simple ways etc.)

Jan

Received on Tuesday, 8 February 2011 13:24:23 UTC