Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

On Wed, Dec 03, 2003 at 12:20:59AM -0800, Don Armstrong wrote:
> On Tue, 02 Dec 2003, Tom wrote:
> > Yes but the attacker did not "steal" the DD's computer.  He rooted it
> > remotely.
> So the machine is rooted remotely, the DD logs into a debian box even
> using our new fangled smart cards, and the attacker still can control
> the connection.

Not while the smart card isn't inserted.

> In this particular intrusion vector, the use of a smart card merely
> means that the attacker has to trojan the ssh binary on the
> compromised machine and use it to run a command that opens a shell
> under the DD's uid on a non-privileged port, thus circumventing the
> smart card in its entirety.

I don't understand this objection, but it seems valid.  Could you 

> If you log into a machine from a compromised machine using any means I
> can foresee today, the attacker can always control the account of the
> machine logged into, because the attacker effectively becomes the user
> of the machine.

Yes, I always warned my employer that all I have to do is own your 
machine before you plug in your smart card, leave a logic bomb to do 
something while you're connected, wait for you to hang up and then 
report back.

But it's all layers, layers, layers.  More layers = better, none is a 
panacea.  Have you ever used smartcards?  I think that the more layers 
the better.

