On Thu, Dec 04, 2003 at 06:13:49PM -0500, Matt Zimmerman wrote:
> Not really; he just has to set things up ahead of time. This is like
> claiming the attacker has to be present in order to sniff your password from
> a telnet session (he doesn't; he just has to have been around at any time
> before then in order to set up a sniffer).

That's totally true. It's not the way this attack happened though. All I know is it's a layer and experts say layered defense is best. I still think it would discourage the cracker. A lot of the "open a netcat over the exposed pipe" tricks wouldn't work iff the smartcard auth stack wasn't compromised -- the netcat couldn't get auth'd, and the server wouldn't buy it. The problem now is a pipe is a pipe. Just rambling... I'm sure there's tons of holes in what I just said.