All new, never seen before security mechanism: NINE factor authentication!

The first factor merely requests your ID.
The second factor requests your password.
The third factor requires you to answer three personal questions.
The fourth factor requires you to solve a simple mathematical question.
The fifth factor requires you to use a token-authentication.
The sixth factor merely asks you to wait for 4 seconds.
The seventh factor asks you for your birthday.
The eight factor asks you to type a specific letter 10 times in 5 seconds.
The ninth factor asks you to identify the kitty in fourteen images…

Reminds me of Ockhams Razor(!): (paraphrasing) the simplest solution tends to be the right one, until proven wrong. So perhaps we should really try to find a solution without passwords… I think SQRL is a nice option to explore…

categorie(s): security, work | 6 Comments

Comfort Zone

A substantial part of my job is to train people to work as an IT specialist and as a company we have done a pretty good job. We do not train many people, but we seem to train them properly. I really enjoy training people and try to prepare them for a challenging and fun career.

Over time the training improves with every session and you need new insights along the way to keep on improving. So my ‘explanation of the Complete Route and Workings of showing an application through a browser’ has grown to a state which I am quite proud of.

Other parts of the traineeship can still improve and my latest ‘revelation’ is something about comfort zones. Mine seems to be different then the ones of the trainees, which explains some behaviour.

Continue reading »

categorie(s): websphere, work | 2 Comments

Unstash in Python

I once wrote a Java version of the infamous unstash script, written in Perl.

As I am picking up Python (so refreshing, so little clutter) I thought it would be nice as a little practice to rewrite it in Python as well. And it is really compact.

Continue reading »

categorie(s): security, technology, work | 1 Comment

A method for storing private keys offline

One of the issues with Public Key Infrastructure (PKI) has always been a way to safely store and backup the private keys. Most of the time this is done by using a keydatabase for storing the keys or even an HSM in larger organizations. And the only backup solution I encountered so far was burning the key to a CD-R or storing it on an USB stick and putting them in a (physical) vault, controlled by the Security Office.

I have a smarter idea for offline backups!

Continue reading »

categorie(s): security, technology, work | 2 Comments

Security is not about Technology, but Habits

At the IBM conference in Berlin I realized that I have been preaching some ideas about (internet) security for a while. The gist of this idea is that security in the ‘world of computers’ (also referenced as the internet, on-line or -nowadays- clouds) is not all about technical solutions. In fact the most important component are not the technical implementations. Besides, these are pretty easy, although most people try to hide that.

Let me be clear and frank: implementing a secure computer system is hard, requires quite some knowledge, but so is programming a reasonable application or a corporate website as well. I think that putting a house or car together is even much harder. It is just another set of skills and you probably need specialized personnel to handle the security stuff for you. It is still a skill set most intelligent people could acquire.
Continue reading »

categorie(s): security, technology, work | Leave a comment