{"id":988,"date":"2008-06-01T08:29:00","date_gmt":"2008-06-01T16:29:00","guid":{"rendered":"\/?p=988"},"modified":"2008-06-01T10:36:37","modified_gmt":"2008-06-01T18:36:37","slug":"how-to-set-up-your-computer-so-people-can-attack-it","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=988","title":{"rendered":"How to set up your computer so people can attack it"},"content":{"rendered":"<p>As I\u00a0said in the <a href=\"\/?p=987\">previous post<\/a>, the students from Ruhr Universitat who are <a href=\"http:\/\/idw-online.de\/pages\/de\/news262820\">claiming <\/a>discovery of\u00a0security vulnerabilities in CardSpace did NOT &#8220;crack&#8221; CardSpace.<br \/>\n\u00a0<br \/>\nInstead, they created a\u00a0demonstration that requires the computer&#39;s owner to consciously disable the computer&#39;s defenses through complex configurations &#8211; following a recipe they published on the web.<\/p>\n<p>The students are not able to undermine the system without active co-operation by its owner.\u00a0<\/p>\n<p>You might be thinking a user could be tricked into accidently cooperating with the attack..\u00a0 To explore that idea, I&#39;ve\u00a0captured the steps required to enable the attack in <a href=\"\/wp-content\/images\/2008\/05\/Students\/Students.html\" class=\"broken_link\">this video<\/a>.\u00a0 I suggest you look at this yourself to judge the students&#8217; claim they have come up with a &#8220;practical attack&#8221;.<\/p>\n<p><a href=\"\/wp-content\/images\/2008\/05\/Students\/Students.html\" class=\"broken_link\"><img loading=\"lazy\" border=\"0\" vspace=\"5\" width=\"386\" src=\"\/wp-content\/images\/2008\/05\/Students\/how_to.jpg\" height=\"294\" \/><\/a><\/p>\n<p>\u00a0In essence, the video shows that a sophisticated computer owner is able to cause her system to be compromised if she chooses to do so.\u00a0 This is not a &#8220;breach&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A tutorial on configuring your computer so it can be taken over by students from Ruhr Universitat<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[63,21,16,13,64],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/988"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=988"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/988\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}