http://www.incontextblog.com/?p=39 Tue, 17 Aug 2010 02:42:36 +0000 http://wordpress.org/?v=2.9.1 hourly 1 http://www.incontextblog.com/?p=39&cpage=1#comment-7843 Robin Wilton Tue, 04 Nov 2008 11:09:36 +0000 http://www.incontextblog.com/?p=39#comment-7843 And how do you protect access to the URI, or the Information Card selector? Not with a password, surely..? ;^( And how do you protect access to the URI, or the Information Card selector? Not with a password, surely..? ;^(

]]> http://www.incontextblog.com/?p=39&cpage=1#comment-7147 Dirk Bruehl Tue, 12 Aug 2008 19:41:28 +0000 http://www.incontextblog.com/?p=39#comment-7147 Information Cards are only secure if there are real cards in use! Not only passwords, every security measure running only directly on a PC is vulnerable, and virtual ID-Cards (which are only data stored on your computer), are an invitation to pishers! They only have to upload this IC-Card from your Computer, and they have everything they like to have! Why? There is a not curable flaw: Everything running directly on a PC (specially with MS-Software) can be faked or spied on. The only thing which helps is an external ID (Card or USB-Dongle) with embedded Microprocessor which handles all the login communication with embedded cryptography and refuses to be spied on. I worked with the European eEurope Smart Card Initiative in 2000 and we discussed all the security problems - there is only one solution for real security: a device outside the computer, communicating with, but not affected by the Computer and/or the Internet! It is a myth that data on your computer are safe, even if big companies are involved and say so. Information Cards are only secure if there are real cards in use!
Not only passwords, every security measure running only directly on a PC is vulnerable, and virtual ID-Cards (which are only data stored on your computer), are an invitation to pishers! They only have to upload this IC-Card from your Computer, and they have everything they like to have!
Why? There is a not curable flaw:
Everything running directly on a PC (specially with MS-Software) can be faked or spied on.
The only thing which helps is an external ID (Card or USB-Dongle) with embedded Microprocessor which handles all the login communication with embedded cryptography and refuses to be spied on.
I worked with the European eEurope Smart Card Initiative in 2000 and we discussed all the security problems – there is only one solution for real security: a device outside the
computer, communicating with, but not affected by the Computer and/or the Internet!
It is a myth that data on your computer are safe, even if big companies are involved and say so.

]]>