Using attacks similar to those used to break .Net PassPort, a group of students at the Ruhr Universitat Bochum in Germany claim to have stolen CardSpace's security tokens from a compromised machine. But Microsoft dismisses the attack, saying an attacker would need a user's help.
CardSpace is included within .NET Framework 3.0 and allows users to create personal information cards that are shared with participating Web sites for authentication. A user creates a CardSpace card for a site and the .NET software then obtains a digitally signed XML token from the site issuer. What the students in … Read more