Blog
YubiKey - Trust But Verify
Friday, 06 August 2010

A little over a year ago I discovered a Yubikey Replay Attack. The YubiKey is a hardware authentication token that looks like a small USB memory stick, but it is actually a keyboard. With the command of an integrated touch button, the device can send a time-variant, secure login code as if it was typed in from a keyboard. And because USB keyboards are standard on all computers, the YubiKey works on all platforms and browsers without the need for client software.

I believe the YubiKey is the answer to many password / security problems we have. If you are not using a Yubikey you are not as safe as you could be. And it is easy.

Everyone should be using a Yubikey, LastPass and TrueCrypt.

I believe in the Trust No One (TNO) ideal of information security. However, with a Yubikey you are required to trust Yubico. So, if you can't trust them, you should Trust But Verify (TBV).

Here is a simple script to verify Yubico has not slipped. About the only problem with Yubikey is the Replay Attack.

 


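#!/usr/bin/perl
# Replay test: submit fresh OTPs to the Yubico validation service, then
# submit the same OTPs a second time and log both sets of responses.
use strict;
use warnings;
use LWP::Simple;

my $id       = "1";             # Your Yubikey ID here
my $logfile  = "./usedkeys";
my @otp_list = ();              # OTPs collected during the first pass
my $x        = 0;
open(LOG, ">", $logfile) || die("Can't open $logfile\n");

my $otp;
do {
        print "Press Key? ";    # Ask for input
        $otp = <STDIN>;         # Get input
        $otp = "stop" unless defined $otp;      # End of input counts as "stop"
        chomp $otp;             # Remove the trailing newline
        if ($otp ne "stop") {
                $x = $x + 1;
                my $url = "http://api.yubico.com/wsapi/verify?id=" . $id . "&otp=" . $otp;
                my $req = get($url);
                die "Request Error" unless $req;
                chomp $req;
                print LOG $x . " " . $id . " " . $otp . "\n" . $req . "\n";
                push(@otp_list, $otp);
        }
} while ($otp ne "stop");       # Repeat until "stop" is entered
print LOG "\n>>> Re-play the keys\n\n";
$x = 0;
foreach my $reotp (@otp_list) {
        $x = $x + 1;
        my $url = "http://api.yubico.com/wsapi/verify?id=" . $id . "&otp=" . $reotp;
        my $req = get($url);
        $req = "Request Error" unless defined $req;     # Log the failure and carry on
        chomp $req;
        print LOG $x . " " . $id . " " . $reotp . "\n" . $req . "\n";
}
close(LOG);
print scalar(@otp_list) . "\n"; # Number of OTPs tested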
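
The script above writes every response to ./usedkeys but leaves the comparison of the two passes to the reader. As an added example (not part of the original post), this Python checker reads a log in that layout and lists each OTP that was accepted on first use but not rejected on replay. The sample log is constructed, its OTP and h= values are placeholders, and it assumes the service answers a replayed OTP with status=REPLAYED_OTP.

```python
import re

# Constructed sample in the layout the script writes to ./usedkeys:
# "<n> <id> <otp>", then the response lines. OTP and h= values are placeholders.
SAMPLE_LOG = """\
1 1 ccccccexampleotp0001
h=placeholder
t=2010-08-06T12:00:00Z0001
status=OK
2 1 ccccccexampleotp0002
h=placeholder
t=2010-08-06T12:00:05Z0002
status=OK

>>> Re-play the keys

1 1 ccccccexampleotp0001
h=placeholder
t=2010-08-06T12:01:00Z0003
status=REPLAYED_OTP
2 1 ccccccexampleotp0002
h=placeholder
t=2010-08-06T12:01:05Z0004
status=OK
"""

ENTRY = re.compile(r"^(\d+) (\S+) (\S+)$")  # counter, client id, OTP

def parse_log(text):
    """Return {'first': {otp: status}, 'replay': {otp: status}}."""
    passes = {"first": {}, "replay": {}}
    phase, otp = "first", None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">>>"):           # marker between the two passes
            phase, otp = "replay", None
        elif (m := ENTRY.match(line)):
            otp = m.group(3)
            passes[phase][otp] = None        # no status line seen yet
        elif line.startswith("status=") and otp is not None:
            passes[phase][otp] = line.split("=", 1)[1]
    return passes

def replay_failures(text):
    """OTPs accepted on first use whose replay was not answered REPLAYED_OTP."""
    p = parse_log(text)
    return sorted(otp for otp, status in p["first"].items()
                  if status == "OK" and p["replay"].get(otp) != "REPLAYED_OTP")
```

An empty list from replay_failures() means every accepted OTP was refused the second time; a replay entry with no status line at all is also reported, since the rejection cannot be confirmed from the log.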

 

Last Updated ( Friday, 06 August 2010 )
 
Building a Home VMWare Server - UPDATED
Monday, 24 May 2010
I am building my own VMWare "Whitebox" server for home. I manage ESX systems at work. I find that using like equipment and software at home helps me find, and resolve, issues before I have to deal with them at work. I'm also interested in saving on my electric bill and increasing my systems' capabilities. With four computers in my small corner bedroom it gets hot. The air conditioner runs almost continuously during the summer. Along with the build project I'll be reporting on my energy savings.

I have three Linux servers to convert. I'll use ESXi to re-create them as virtual systems. They are a firewall, a web/s data store server and an email server. The firewall is a small system running Untangle with a single disk, the web server is a Fedora Core system with a four-disk RAID 4 and the email system runs Zimbra with mirrored disks.

I'm also interested in experimenting with new systems. Some of these are Gentoo, MythTV (MythBuntu), OpenFiler, BackTrack and Zarafa email. I may report on these as well.

In the next few posts I'll go over:

  • Hardware - What I purchased and why.
  • Server Construction - How I put everything together.
  • System Migration - Moving from physical systems to virtual systems.
  • Network configuration - How one Internet connection is connected to all the virtual servers and my desktop.
  • Benchmarks - How fast is everything and are there better configurations.
  • Power savings - Did I really save on my power bill? What is my return on investment?
  • Tweaks, Hacks and Tuning - Little things that make life better in a virtual world.

If you have questions about this project please email Mark @ Grennan.com or Tweet me at mgrennan
Last Updated ( Thursday, 22 July 2010 )
 
MySQL Fan Boy gets noticed
Monday, 10 May 2010

Looks like I may have found something people are interested in. My Linux Fan Boy blog is getting as many hits as this blog in only a few weeks.

I got mentioned in Log Buffer #188, a Carnival of the Vanities for DBAs.

You can find it at: http://www.pythian.com/news/11865/log-buffer-188-a-carnival-of-the-vanities-for-dbas/

But here is the gist.

[...] Starting off this week’s issue is a request from Mark Grennan a DBA who would like to let the community know about his blog MySQL Fan Boy, where he wrote an interesting post on including a script to replace MySQL table files on a live system, making it faster and limiting locking on large table loads. Also a post this week on whether MarieDB is a drop in replacement for MySQL. [...]

Last Updated ( Monday, 10 May 2010 )
 
MySQL Fanboy
Thursday, 25 March 2010

Yes, I’ve started yet another blog. You think I would learn.

This time it’s about MySQL. The database we all love.

Check it out at WWW.MySQLFanBoy.com

 

Last Updated ( Thursday, 25 March 2010 )
 
Snow on the Redbuds (again)
Saturday, 20 March 2010

Snow on the Redbuds

Here it is March,
it's already spring.
The robins are back,
every morning the birds sing.

Oklahoma weather is strange,
it can rain with the sun up high.
But I love it when
snow falls from the sky.

When I got up this morning,
it was cold and my window was bright.
There was snow on the Redbuds.
It fell through the night.

Mark Grennan
March 23, 2006

Last Updated ( Saturday, 20 March 2010 )
 
MySQL Table Caching
Tuesday, 01 December 2009
Too much of a good thing...

I have had a lot of people asking me about MySQL lately so I thought it was time to share something I learned. Too much caching space in MySQL can be a bad thing.

You would think the more you can stuff your entire database into memory the better off you would be and the faster your system would work. That is not completely true. I have made improvements by lowering the table_cache variable on every version of MySQL 5. From what I have read this seems to be due to overhead managing file descriptors and caching tables. Like most things there is a point of diminishing returns when dealing with cache tables. At some point your hit rate is overtaken by the management threads.

This seems to work best. The read_rnd should be four times the sort and join buffer and they are four times the read buffer. Something like this:

sort_buffer_size = 16M
read_buffer_size = 4M
read_rnd_buffer_size = 64M
join_buffer_size = 16M

Send me feedback at Mark at Grennan.com
Last Updated ( Tuesday, 01 December 2009 )
 