Microsoft .net slammed over smartcard security

[InfoSec News <isn () C4I ORG>]

http://www.computerweekly.com/cwarchive/daily/20000706/cwcontainer.asp?name=C4.HTML&SubSection=6

ComputerWeekly.com 6 July 2000

Only two weeks after its announcement, Microsoft's .net strategy
vision has been slammed by IT analysts for having a poor security
model. Microsoft sees smartcards based on Windows technology as an
essential component to its .net software services.

"Smartcards are an enabling technology in Microsoft's .net vision,
providing an affordable and effective way to increase the security of
computing," said Microsoft President and CEO Steve Ballmer.

But Alexander Kopriwa, programme director international at Ovum said,
"Windows for Smart Cards does not have high security. Cards can easily
be hacked into and third party security is needed."

Microsoft's security model would be sufficient for photocopying cards,
but would not provide strong enough security for financial
applications, he said. Kopriwa believes that rival smartcard operating
systems MultOS and Java Card offer greater security. Microsoft also
released Windows for Smart Card Toolkit 1.1 that includes support for
GSM (Global System for Mobile Communication).

But Renaath Himp, Microsoft Windows development manager defended the
security system. He said Windows for Smart Cards would include
cryptographic functions as well as using secure chips. Microsoft will
submit the smartcard system to security standards bodies within six
months, he said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".