[HGI-news-int] Young Researchers from HGI thwart CardSpace Authentication
English Newsletter of the Horst Görtz Institute of IT Security in Bochum
hgi-news-international at lists.ruhr-uni-bochum.de
Fri May 30 13:16:45 CEST 2008
Two young researchers at the Horst Görtz Institute for IT Security, Ruhr
University Bochum, have shown how to break Microsoft's novel identity
management system CardSpace. They demonstrate not only the theoretical
feasibility, but also the attack's practicability in a proof of concept
showing that CardSpace does not guard against identity theft. More
information detailing the attack and countermeasures can be found in their
Technical Report.
Various applications can make use of CardSpace, including commodity
browsers like Microsoft Internet Explorer 7 or Firefox 2 (with an
add-on). Many global players (e.g., Google, Yahoo, Verisign) have
already announced that they will work closely with CardSpace; hence
CardSpace has the potential to become widely deployed on the Internet and
replace the mature password-based authentication in many promising
scenarios from eCommerce to eHealth or eVoting applications.
(Source: http://www.alphagalileo.org/index.cfm?fuseaction=readrelease&releaseid=529678&ez_search=1)
Technical Report and Demo:
http://demo.nds.rub.de/cardspace
Press release:
http://demo.nds.rub.de/cardspace/PR-HGI-TR-2008-003-EN.pdf