YubiKey - Trust But Verify
Friday, 06 August 2010

A little over a year ago I discovered a Yubikey Replay Attack.

The YubiKey is a hardware authentication token that looks like a small USB memory stick, but it is actually a keyboard. With the command of an integrated touch button, the device can send a time-variant, secure login code as if it was typed in from a keyboard. And because USB keyboards are standard on all computers, the YubiKey works on all platforms and browsers without the need for client software.

I believe the YubiKey is the answer to many password / security problems we have. If you are not using a Yubikey you are not as safe as you could be. And it is easy.

Everyone should be using a Yubikey, LastPass and TrueCrypt.

I believe in the Trust No One (TNO) ideal of information security. However, with a Yubikey you are required to trust Yubico. So, if you can't trust them, you should Trust But Verify (TBV).

Here is a simple script to verify Yubico has not slipped. About the only problem with Yubikey is the Replay Attack.

 


#!/usr/bin/perl
# Submit each YubiKey OTP to the validation server, then submit all of them
# a second time and log both answers, so an accepted replay shows in the log.
#use strict;
#use Yubico::Auth;
use LWP::Simple;

$id = "1"; # Your Yubikey ID here
$logfile = "./usedkeys";
@otp_list = ();                 # OTPs collected in the first pass
$x = 0;
open(LOG,">$logfile") || die("Can't open $logfile\n");

do {
        $x=$x+1;
        print "Press Key? ";    # Ask for input
        $otp = <STDIN>;         # Get input
        $otp = "stop" unless defined $otp;      # Treat end of input as "stop"
        chomp $otp;             # Remove the newline
        if ($otp ne "stop") {
                $url = "http://api.yubico.com/wsapi/verify?id=". $id ."&otp=". $otp;
                $req = get($url);
                die "Request Error" unless $req;        # No response from the server
                chomp $req;
                print LOG $x. " ". $id. " ". $otp. "\n". $req. "\n";
                push(@otp_list, $otp);
        }
} while ($otp ne "stop");       # Keep reading until "stop" is entered
print LOG "\n>>> Replay the keys\n\n";
$x = 0;
# Second pass: every OTP has already been used once, so none should validate
foreach $reotp(@otp_list) {
        $x = $x+1;
        $url = "http://api.yubico.com/wsapi/verify?id=". $id ."&otp=". $reotp;
        $req = get($url);
        chomp $req;
        print LOG $x. " ". $id. " ". $reotp. "\n". $req. "\n";
}
close(LOG);
print scalar(@otp_list). "\n";  # Number of OTPs that were replayed
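
The script records the server's answers in ./usedkeys but leaves reading them to you. The following added example (not part of the original post) scans that log and reports any OTP whose second submission came back with status=OK. The sample log, its placeholder values and the function name accepted_replays are constructed for illustration, and it assumes the server answers with key=value lines carrying status=OK or status=REPLAYED_OTP.

```perl
use strict;
use warnings;

# Constructed sample of the log written by the script: a record line
# "<n> <id> <otp>", the server's key=value response lines, a ">>>" marker,
# then the same OTPs again. All values are placeholders, not real tokens.
my $sample = <<'END';
1 1 constructed-otp-aaaa
h=placeholder
status=OK
2 1 constructed-otp-bbbb
h=placeholder
status=OK
>>> Replay the keys
1 1 constructed-otp-aaaa
h=placeholder
status=REPLAYED_OTP
2 1 constructed-otp-bbbb
h=placeholder
status=OK
END

# Return the OTPs whose second submission was answered with status=OK,
# i.e. replays the validation server accepted instead of rejecting.
sub accepted_replays {
    my ($log) = @_;
    my ($in_replay, $otp, @bad) = (0);
    for my $line (split /\r?\n/, $log) {
        if ($line =~ /^>>>/) { $in_replay = 1; undef $otp; next; }
        if ($line =~ /^\d+\s+\S+\s+(\S+)\s*$/) { $otp = $1; next; }
        if ($in_replay && defined $otp && $line =~ /^status=(\w+)/) {
            push @bad, $otp if $1 eq 'OK';
            undef $otp;    # one status line per record
        }
    }
    return @bad;
}

# Pass the log file name as the first argument, or run on the sample.
my $log = $sample;
if (@ARGV) {
    open(my $fh, '<', $ARGV[0]) or die "Can't open $ARGV[0]: $!\n";
    $log = do { local $/; <$fh> };    # slurp the whole file
}
my @bad = accepted_replays($log);
print "REPLAY ACCEPTED: $_\n" for @bad;
print "All replayed OTPs were rejected\n" unless @bad;
exit(@bad ? 1 : 0);
```

On the constructed sample it reports constructed-otp-bbbb and exits non-zero, which makes it usable as a scheduled check.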

 

Last Updated ( Friday, 06 August 2010 )
 
Building a Home VMWare Server - UPDATED
Monday, 24 May 2010
I am building my own VMWare "Whitebox" server for home. I manage ESX systems at work. I find using like equipment and software at home helps find, and resolve, issues before I have to deal with them at work. I'm also interested in saving on my electric bill and increasing my systems' capabilities. With four computers in my small corner bedroom it gets hot. The air conditioner runs almost continuously during the summer. Along with the build project I'll be reporting on my energy savings.

I have three Linux servers to convert. I'll use ESXi to re-create them as virtual systems. They are a firewall, a web/s data store server and an email server. The firewall is a small system running Untangle with a single disk, the web server is a Fedora Core system with a four disk RAID 4 and the email system runs Zimbra with mirrored disks.

I'm also interested in experimenting with new systems.  Some of these are Gentoo, MythTV (MythBuntu), OpenFiler, BackTrack and Zarafa email. I may report on these as well.

In the next few posts I'll go over:

  • Hardware - What I purchased and why.
  • Server Construction - How I put everything together.
  • System Migration - Moving from physical systems to virtual systems.
  • Network configuration - How one Internet connection is connected to all the virtual servers and my desktop.
  • Benchmarks - How fast is everything and are there better configurations.
  • Power savings - Did I really save on my power bill? What is my return on investment?
  • Tweaks, Hacks and Tuning - Little things that make life better in a virtual world.

If you have questions about this project please email Mark @ Grennan.com or Tweet me at mgrennan
Last Updated ( Thursday, 22 July 2010 )
 
MySQL Fan Boy gets noticed
Monday, 10 May 2010

Looks like I may have found something people are interested in. My Linux Fan Boy blog is getting as many hits as this blog in only a few weeks.

I got mentioned in Log Buffer #188, a Carnival of the Vanities for DBAs.

You can find it at: http://www.pythian.com/news/11865/log-buffer-188-a-carnival-of-the-vanities-for-dbas/

But here is the gist.

[...] Starting off this week’s issue is a request from Mark Grennan, a DBA who would like to let the community know about his blog MySQL Fan Boy, where he wrote an interesting post on including a script to replace MySQL table files on a live system, making it faster and limiting locking on large table loads. Also a post this week on whether MariaDB is a drop in replacement for MySQL. [...]

Last Updated ( Monday, 10 May 2010 )
 