General Musing

blaze your trail

Posts Tagged ‘authentication’

6 Months of Security Links #2011


I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly because there are some good sources and articles in here, and partly because I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know. 🙂


Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging


A catalog of this year’s risky articles #2010


Programming Hands

Risk is something which can be difficult for the average person to evaluate; a lot of work goes into learning not to do the two things that people usually do when they are confronted with risk:

  1. Ignore
  2. Overreact

It looks like every man and his dog needs to have a Facebook page, even banks…

It has been almost 1.5 weeks since Google’s FeedBurner removed the Frie…

Some days ago I tweeted to Prosper, a personal loan marketplace, whether they…

I don’t really think most people get “it” when it comes to …

Just noticed that Google Translate translates the name of the Dutch social ne…

I find a 400 plus page manual of office policies and job descriptions for eac…

In the last two days I’ve not been posting so much, and focussing on up…

I started playing with Google Scribe and wanted to see if patterns emerged so…

I have my Google account set up with English as the preferred language, my br…

For the last 2 years LinkedIn has been running a bad poor IT management depar…

When I just started I too had trouble with getting all the items I required t…

On August 11th 2007 I exceeded my GMail quota, I blogged about it here. At th…

Brian Szymanski sent a reply to me concerning another bank implementing SMS b…

I don’t understand why url expansion after url shortening is such an is…

I just read an article Web Coupons Know Lots About You, and They Tell in the …

This morning/night China’s networks were sending rerouting messages to …

The lack of trained and experienced computer security people working in small…

Last week I saw an episode of a popular Dutch Ombudsman program Kassa, they r…

After seeing a program about a lifecoach trying to find the time to get his p…

Image source Radio Nederland Wereldomroep

This year’s articles about programming #2010


Programming Hands

In 2010 I was less focussed on programming articles on the blog than in previous years. Still, I managed to create some interesting articles with code in 2010. This is an overview of the activity:

Having some fun today with QR codes, JavaScript and the Google Analytics URL …

The only questions that are asked in the Daily Scrum, aka Stand-Up, are: What…

UPDATE: GMail has introduced my number 3. YEAH! (Gmail introduces Priority In…

I like YouTube, and often subscribe to new channels and unsubscribe after a w…

Since I started working for my company I’ve been exposed to PCI DSS (Pa…

I don’t understand why url expansion after url shortening is such an is…

VeriSign – Personal Identity Portal is an OpenID provider with multiple …

Image source D’Arcy Norman

VeriSign PIP Browser Certificate workaround (PIN Request) #identity #openid


VeriSign – Personal Identity Portal is an OpenID provider with multiple factor identification: Password +

  • Mobile Credential (phone or mail PIN)
  • Account Information Card (can be used by applications such as Microsoft CardSpace)
  • VeriSign browser certificate
  • VeriSign Identity Protection (VIP) Credential (Physical Token)

As I have a browser certificate linked to my old browser and couldn’t log in with my current browser, I had to figure out a workaround for when I don’t have the browser certificate: PIN Request. On the page that does the browser certificate request there is a hidden link to get a PIN sent by mail or mobile, which you can find here.

Hope that helps you.

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 7:24 pm

Implementation of Security #risk


The lack of trained and experienced computer security people working in small to medium sized businesses today means that security is often left to the regular IT department to solve, if there even is an IT department. In many cases this leads to vendors educating the IT department on best practices, which is often to the advantage of both the vendor and the company. It is important to remember that such inequality and lack of knowledge on the part of the IT department can lead to a situation where, when a vendor leaves, the knowledge leaves with him/her. In the end the vendor is there to sell their software.


Written by Daniël W. Crompton (webhat)

March 5, 2010 at 10:57 am

Podcasts I Like – Speaking of Security #podcast


The RSA podcast Speaking of Security is one of my favourite podcasts covering security, and not just because they are my former employers. They cover many of the issues faced by enterprises; subjects such as online fraud and privacy, enterprise data protection, authentication strategies, and government policy are covered from an enterprise perspective.

It’s also a good source of discussion on RSA’s Conference.


Written by Daniël W. Crompton (webhat)

August 18, 2008 at 8:13 pm

Clipperz, Online Password Share


I was trying to think about what to say about SlideShare, so I was browsing the site to give me inspiration. It didn’t work.

What I did find was Clipperz. Clipperz makes it possible to log in with one click. The username and password for the site are stored encrypted at Clipperz, and are decrypted and posted to the site. I’ll use the example of /.: the bookmarklet provided extracts the form and uses that to populate the login form.

{
  "page": {"title": "Slashdot: News for nerds, stuff that matters"},
  "form": {
    "attributes": {"action": "http://slashdot.org/login.pl", "method": "post"},
    "inputs":[
      {"type": "text",     "name": "unickname",   "value": "username"},
      {"type": "hidden",   "name": "returnto",    "value": "//slashdot.org/"},
      {"type": "hidden",   "name": "op", "value": "userlogin"},
      {"type": "password", "name": "upasswd",     "value": "password"},
      {"type": "checkbox", "name": "login_temp",  "value": "yes"},
      {"type": "submit",   "name": "userlogin",   "value": "Log in"}]
    },
  "version": "0.2.3"
}

To be entirely portable you can access the websites from a sidebar in your browser. Naturally this is a nice proof of concept for the real product they are selling: zero-knowledge web applications.

Zero-knowledge web applications are about making web applications more secure. Do you trust Google Documents with your confidential documents? You shouldn’t unless the data is stored without the knowledge of the SaaS provider. Clipperz password manager is the first zero-knowledge web application. This means that Clipperz knows nothing about its users and their data. They do this using a JavaScript library, based on Ajax and browser-based cryptography, which can be used to build applications that users can use to manage their private data.
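The form descriptor shown above is effectively a replayable login POST, so it is worth checking how the decrypted password will travel before using it. The following is an added example, not Clipperz code: `auditDirectLogin` and `buildPostBody` are hypothetical helpers, and the credentials passed in are constructed sample values.

```javascript
// Constructed sample: the direct-login descriptor shown in the post.
const slashdot = {
  page: { title: "Slashdot: News for nerds, stuff that matters" },
  form: {
    attributes: { action: "http://slashdot.org/login.pl", method: "post" },
    inputs: [
      { type: "text", name: "unickname", value: "username" },
      { type: "hidden", name: "returnto", value: "//slashdot.org/" },
      { type: "hidden", name: "op", value: "userlogin" },
      { type: "password", name: "upasswd", value: "password" },
      { type: "checkbox", name: "login_temp", value: "yes" },
      { type: "submit", name: "userlogin", value: "Log in" },
    ],
  },
  version: "0.2.3",
};

// Hypothetical helper: list transport problems in a descriptor.
function auditDirectLogin(cfg) {
  const findings = [];
  const { action, method } = cfg.form.attributes;
  let url;
  try { url = new URL(action); } catch { return ["action is not an absolute URL"]; }
  if (url.protocol !== "https:") findings.push("action is not HTTPS: password is posted in cleartext");
  if (String(method).toLowerCase() !== "post") findings.push("method is not POST: password ends up in the URL");
  const pw = cfg.form.inputs.filter((i) => i.type === "password");
  if (pw.length !== 1) findings.push(`expected one password field, found ${pw.length}`);
  return findings;
}

// Hypothetical helper: build the urlencoded body the browser would submit,
// substituting stored secrets for the placeholder values by input name.
function buildPostBody(cfg, secrets) {
  const body = new URLSearchParams();
  for (const input of cfg.form.inputs) {
    const stored = Object.prototype.hasOwnProperty.call(secrets, input.name);
    body.append(input.name, stored ? secrets[input.name] : input.value);
  }
  return body.toString();
}

console.log(auditDirectLogin(slashdot));
console.log(buildPostBody(slashdot, { unickname: "alice", upasswd: "correct-horse" }));
```

For the descriptor in the post the audit reports one finding: the action URL is plain HTTP, so the password that was stored encrypted is sent unencrypted on the final hop to the site.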


Written by Daniël W. Crompton (webhat)

July 26, 2008 at 8:07 pm

MySpace gains OpenID, FaceBook should


Firstly, I’m not using WordPress’ Press This feature any more; this is the third time I am having to post this after it ate 2 previous drafts. Maybe I should fix the GreaseMonkey script I built for /. to work on Press This.

After predicting the death of MySpace they have surprised me by adding an OpenID Identity Provider. Obviously they are only allowing you to use it to authenticate on other sites, but it is still a step which others, including FaceBook, haven’t taken yet. So I started to muse how FaceBook would be able to top it, and what I actually want from an OpenID Identity Provider:

  • Authentication (obviously)
  • FOAF
  • hCard (or other microformats)
  • Certificate Authentication (PKI)

ClaimID already has 3 of the 4, but their friend system requires some kind of social networking and as it is not a social networking site it doesn’t really cover FOAF completely. This is why integration of FOAF would be a good step for both FaceBook and MySpace.

MySpace is only acting as an identity provider, meaning that while you can use your MySpace credentials to sign into other Web sites, you cannot yet use your credentials from another OpenID provider to sign into MySpace.

Source: MySpace Opens Up First; Launches Data Availability on Flixster and Eventful


Written by Daniël W. Crompton (webhat)

July 24, 2008 at 3:19 pm

MyOpenID Second Factor


MyOpenID has two additional features I hadn’t seen before. They have added Two-Factor Authentication and TLS Certificate Authentication.

Nice new features, which give me a reason to switch default OpenID provider.


Written by Daniël W. Crompton (webhat)

July 22, 2008 at 7:48 pm

Posted in business, identity, pki, risk
