Twitter / mailforlen

Newly leaked info

« combatting insider misuse | HomePage | Belgian site hacked and used as a phish site »

10/26/2008

New EID privacy protection already bypassed ?

In the EID forum of university researcher Danny Decock some people complained that in the new middleware the privacy firewall was directly enforced and enabled. This was the response on our video that showed that with a small change in the registry one can make any application authorized to read all the data on the EID without any warning.

The forum shows how to disable the new protection with some very simple code. So the new protection does not really solve anything and ain't so hard as it was announced to be - even if it is months to late and it is not clear at all how the older versions of the middleware will be upgraded.

Popup warning about/preventing eid card accesses...

  • When using this link http://b-eid.com/project/?p=contact there is always a popup that asks "een webapplicatie vraagt toegang tot uw kaart". Is there no way that I can put firefox a.o. as allowed applications ... ?? -- AnonYmous - 14 Oct 2008, 11:50:55
  • The eid card middleware is responsible for this popup... I am checking out how to control this... -- DannyDeCock - 14 Oct 2008, 14:43:38
  • http://eid.belgium.be/nl/binaries/Release%20notes%20eID%20middleware%20v3%205_tcm147-22546.pdf
    ...tries to read the public data from the eID card, a warning dialog is displayed, informing the user and asking her/his permission. The dialog is displayed only once during the lifetime of the application.
    ... only once during the lifetime of the application ... ???
    This is not working, I get the popup every time ...
    -- AnonYmous - 15 Oct 2008, 08:47:16
  • Deze html code geeft geen popups (althans niet in IE explorer 7)

<form name="actionform"> <applet codebase="." archive="beidlib.jar"

code="be.belgium.eid.BEID_Applet.class" name="BEIDApplet" align="middle"

height="180" hspace="0" vspace="0" width="140"> <param name="Reader"

value=""> <param name="OCSP" value="-1"> <param name="CRL" value="1">

<param name="DisableWarning" value="true"> </applet></form>

Ben DE CAT (www.smarteid.be) -- AnonYmous - 21 Oct 2008, 16:10:55
  • Inderdaad, 
<param name="DisableWarning" value="true">
toevoegen en je bent van die vervelende popup af. Werkt ook in FF3; Google Chrome moet ik thuis nog effe proberen. 
Met dank ... -- AnonYmous - 22 Oct 2008, 12:22:07 
so If I understand it correctly I maka e webpage with a form that has the following code and the user won't see any popup code ? Waah, explain that to a phisher....

















22:58 | Permalink  | Comments (0)  | Email this
|  |   del.icio.us
| 


 | Digg! Digg |  Facebook 













Post a comment