Re: [Fed-Talk] Malware targeting ActivIdentity smart cards
- Subject: Re: [Fed-Talk] Malware targeting ActivIdentity smart cards
- From: Ron Colvin <email@hidden>
- Date: Fri, 13 Jan 2012 16:07:40 -0500
On 1/13/12 3:53 PM, Paul Nelson wrote:
I don't see how the ActivIdentity software or any third-party middleware would be a vulnerability. Just plain old Windows 7 has this vulnerability, and so does the Mac. Any computer that can have a keylogger will have this vulnerability.
Once malware is present, you don't have a trusted computing base anymore (you probably never did).
The exploit as described requires the continued presence of the card. Leaving the card in the reader can expose you to all sorts of replay attacks in addition to the ones described. I prefer the idea of authenticating the session with two-factor and an appropriate session termination based on the sensitivity of the data or system, and re-authentication with a re-insertion of the card for new activity.

Also, where the card is also used for physical access as a flash pass, it is better to take it out as well so it stays with the user rather than being left behind. That is contrary to FDCC/USGCB guidance, which wants the workstation locked on smartcard removal.
On Jan 13, 2012, at 2:11 PM, David Emery wrote:
Independent of the problems Windows has with vulnerabilities, this highlights the problems in depending on a 3rd-party add-on as an element of what should be your Trusted Computing Base!
...
With ActivIdentity as the target, the attacks are clearly aimed at U.S. defense departments, the Times added. But it's as yet unknown what information the hackers have so far been able to capture.
dave
-----
David Emery, 703 298 3473 (c) 703 272 7496 (fax)
Supporting PdM Software Integration
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA - Goddard Space Flight Center
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
********************************************************