According to Neowin, computing students at the University of Bochum, Germany, have worked out how to retrieve vital security tokens from Microsoft's CardSpace framework. CardSpace is highly tipped to be the successor to Windows Live ID (Passport) and making passwords a relic of the Cold War, using self-signed or certificate authority signed digital certificates stored on the local machine as proof of who you are. The report states by many means of manipulating the DNS service, including anti-DNS pinning or DNS spoofing, these are all ways of taking the security tokens from a CardSpace file. Heise Online which reported this story, almost encourage you to try this out. Considering this major security flaw has been brought to light instead of...