A USB dongle for one-time passwords
The benefits of OpenKubus include portability and the ability to customize hardware without breaking the bank. The drawback is that the stick and all the servers need to synchronize the serial number. If you need to authenticate against multiple servers, you will need a central server. Tools for managing OpenKubus in larger environments with large numbers of users are still rudimentary.
OpenKubus will not protect you against man-in-the-middle attacks . The service you are calling has to demonstrate authenticity separately. However, the project is an exciting platform for any administrator interested in experimenting.
- "One-Time Passwords" by Udo Seidel, Linux Magazine, November 2008, pg. 22
- USBprog wiring diagram: http://www.embedded-projects.net/usbprog
- Shop for OpenKubus hardware: http://shop.embedded-projects.net
- OpenKubus: http://code.google.com/p/openkubus (in German)
- Installation notes on AVR-GCC: http://www.nongnu.org/avr-libc/user-manual/install_tools.html
- PAM configuration syntax: http://kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html
- Wrapper Generator SWIG: http://www.swig.org/
- Man-in-the-middle attacks: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
Read full article as PDF:
New release comes with better semantic search and improvements to Kontact.
Annual code quality report shows FOSS is more secure at all project size levels.
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers