RSA SecurID SID800 Token vulnerable by design
Sean W. Smith
sws at cs.dartmouth.edu
Sat Sep 9 09:06:36 EDT 2006
One can have a lot of fun with key-wielding tokens, especially on
Windows. See:
J. Marchesini, S.W. Smith, M. Zhao.
"Keyjacking: the Surprising Insecurity of Client-side SSL."
Computers and Security.
4 (2): 109-123. March 2005.
http://www.cs.dartmouth.edu/~sws/pubs/msz05.pdf
--Sean
Sean W. Smith sws at cs.dartmouth.edu www.cs.dartmouth.edu/~sws/
Department of Computer Science, Dartmouth College, Hanover NH USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list