Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]
On Wed, Dec 03, 2003 at 12:20:59AM -0800, Don Armstrong wrote:
> On Tue, 02 Dec 2003, Tom wrote:
> > Yes but the attacker did not "steal" the DD's computer. He rooted it
> > remotely.
>
> So the machine is rooted remotely, the DD logs into a debian box even
> using our newfangled smart cards, and the attacker still can control
> the connection.

Not while the smart card isn't inserted.

> In this particular intrusion vector, the use of a smart card merely
> means that the attacker has to trojan the ssh binary on the
> compromised machine and use it to run a command that opens a shell
> under the DD's uid on a non-privileged port, thus circumventing the
> smart card in its entirety.

I don't understand this objection, but it seems valid. Could you
explain?

> If you log into a machine from a compromised machine using any means I
> can foresee today, the attacker can always control the account of the
> machine logged into, because the attacker effectively becomes the user
> of the machine.

Yes, I always warned my employer that all I have to do is own your
machine before you plug in your smart card, leave a logic bomb to do
something while you're connected, wait for you to hang up and then
report back.
But it's all layers, layers, layers. More layers = better, none is a
panacea. Have you ever used smartcards? I think that the more layers
the better.