All-new, never-before-seen security mechanism: NINE-factor authentication!

The first factor merely requests your ID.
The second factor requests your password.
The third factor requires you to answer three personal questions.
The fourth factor requires you to solve a simple mathematical question.
The fifth factor requires you to use token authentication.
The sixth factor merely asks you to wait for 4 seconds.
The seventh factor asks you for your birthday.
The eighth factor asks you to type a specific letter 10 times in 5 seconds.
The ninth factor asks you to identify the kitty in fourteen images…

Reminds me of Ockham's Razor(!): (paraphrasing) the simplest solution tends to be the right one, until proven wrong. So perhaps we should really try to find a solution without passwords… I think SQRL is a nice option to explore…

Categories: security, work

Unstash in Python

I once wrote a Java version of the infamous unstash script, written in Perl.

As I am picking up Python (so refreshing, so little clutter) I thought it would be nice as a little practice to rewrite it in Python as well. And it is really compact.

Categories: security, technology, work

A method for storing private keys offline

One of the issues with Public Key Infrastructure (PKI) has always been finding a way to safely store and back up the private keys. Most of the time this is done by using a key database for storing the keys or even an HSM in larger organizations. And the only backup solution I encountered so far was burning the key to a CD-R or storing it on a USB stick and putting them in a (physical) vault, controlled by the Security Office.

I have a smarter idea for offline backups!

Categories: security, technology, work

Crash Recovery of an OSX Lion FileVault2 disk

My Apple iMac started to behave weirdly, with some kernel panics, grey screens and general crashes. While I was going through this I was pretty sure it wouldn’t hurt me as I had a TimeMachine for continuous backups. How wrong could I be!

After my Mac really crashed and my TimeMachine proved to be rubbish, I still managed to open the encrypted hard disk and made some backups by hand. I consider this quite a neat trick, so let me explain and perhaps save your day as well.

(updated with extra info)

Categories: security, technology

Security is not about Technology, but Habits

At the IBM conference in Berlin I realized that I have been preaching some ideas about (internet) security for a while. The gist of this idea is that security in the ‘world of computers’ (also referred to as the internet, online or, nowadays, clouds) is not all about technical solutions. In fact, the most important components are not the technical implementations. Besides, these are pretty easy, although most people try to hide that.

Let me be clear and frank: implementing a secure computer system is hard and requires quite some knowledge, but so does programming a reasonable application or a corporate website. I think that putting a house or car together is even much harder. It is just another set of skills and you probably need specialized personnel to handle the security stuff for you. It is still a skill set most intelligent people could acquire.

Categories: security, technology, work