Identity X-file 0x01

I love this story…

How girl, 6, hacked into MP’s Commons computer

I assume a physical keyboard logger like this could still be used to steal an IdP username & password, even with all the secure desktop stuff that the CardSpace client has built in…

(story via Authentication World)

~ by Pamela on 25 Mar 07.

4 Responses to “Identity X-file 0x01”

  1. While the comment regarding stealing someone’s IdP credentials is technically correct, it’s not the whole story and I would not want to see folks argue a lot about how to solve that “authentication” step.

    Isn’t the real security problem with keystroke loggers that the miscreant can obtain information that was typed in after that initial step? E.g. they can obtain what was typed into that confidential email message or something similar.

  2. Heh, I’m all for arguing; whether it’s a subcase or not, I don’t see the harm in it…

    Information is information. IdP passwords and damaging emails, it’s all just a bitstream that has to be parsed. I would ask what the difference is between an email loaded directly into a keyboard logger and an email that an attacker reads and downloads as a result of stealing the user’s email password?

  3. You’re correct; CardSpace doesn’t fix this problem. It’s fundamentally an analog hole problem.

    The omnipotent, omniscient, and omnipresent adversary is a tough one (“For there is nothing covered that shall not be revealed, and hid, that shall not be known” – Matt. 10:26); the bad guy sitting next to you as you work is a good simulation of that adversary.

  4. […] Here is a strange one via Pamela Dingle’s eternal optimist: […]
