Slashdot Mirror


Security App For the New German Personal ID Hacked

prefec2 writes "On Nov. 1st Germany started to issue new personal ID cards which include a security chip. In combination with a reading device and an application on a PC at home, secure transactions can be made. However, the required application can be compromised using DNS spoofing and a wrong SSL certificate (article in German)."

3 of 93 comments (clear)

  1. Re:What is the appropriate system, then? by Anonymous Coward · · Score: -1, Troll

    In that case you've already lost. This is Germany, right? Why don't they just cut to the chase and tattoo numbers on people's arms. Control is control. The purpose is irrelevant. When control is complete, the purposes always converge into the same thing.

  2. Another nice thing I just found by maxwell+demon · · Score: -1, Troll

    From here:

    Der Windows7-eigene Screenreader fängt beim Vorlesen die Eingaben über die Tastatur direkt ab. Dadurch wird auch die eingegebene PIN im Klartext vorgelesen.

    Translation: The Windows7 built in screen reader captures entries directly from the keyboard when reading. Therefore also the entered PIN is read aloud in cleartext.

    Which shows two things:
    (i) There should be a separate keypad on the card reader. You simply cannot trust the computer.
    (ii) Using Windows7 can lead to unexpected security holes even on non-compromised computers (after all, this should apply to anything expecting passwords). But then, it's from Microsoft, so that's somewhat expected :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.