Security App For the New German Personal ID Hacked 93
prefec2 writes "On Nov. 1st Germany started to issue new personal ID cards which include a security chip. In combination with a reading device and an application on a PC at home, secure transactions can be made. However, the required application can be compromised using DNS spoofing and a wrong SSL certificate (article in German)."
What is the appropriate system, then? (Score:2, Interesting)
If you have need for such an identification card and trackable number within the government database to allow you access to government services such as healthcare, what is the best identification system in that case?
The new ID sounds good - really! (Score:5, Interesting)
First, to TFA: there is no problem with the ID itself, just with the security of the special PC software than can work with them. As most /.ers know, there is quite a hacker community in Germany, and these problems are really not too bad. In order to compromise the software you first have to do a DNS hack, then fake a certificate, then... In a nutshel, yes, there are problems, but they aren't too bad and will be relatively easy to fix.
The ID itself is really cool. Among other things, it supports secured anonymous transactions. How many governments are there that willingly support anonymity for their citizens?
Re:Can someone explain, bitte? (Score:2, Interesting)
Very bad PR, but nothing extraordinary (Score:3, Interesting)
This is very bad PR for the new ID, but neither the ID card nor the software has been hacked yet. This is just another way to install some malware on a computer.
I have no doubt though that worse things will happen. The mistakes made here are so glaringly obvious that it's hard to believe that there aren't other holes to be found.