From: Dirk-Willem v. G. <di...@we...> - 2015-06-04 09:37:48
|
On 04 Jun 2015, at 11:16, Frank Morgner <mo...@in...> wrote: > We've discussed this kind of issue earlier. Yes, we need to fix those issues if we can. In the past couple of month we fixed a lot of issues that were discovered by static code analysis, for this reason. However, we still believe that a malicious card requires more or less physical access to the machine. With this premise there are a number of problems arising that are currently more likely to be exploited. Right - may be good to stress here that in this case the original vector was RFID ‘cards’. We’re fairly sure it was a virtual card/emulated thing - and likely not physically that near either. Dw. |