Few weeks ago, Google has made available in his services the 2 factor authentication via security key, implementing the FIDO u2f authentication standard.
The security key is a device like a usb pen drive but slim as a smartcard with a chip on the usb plug. This chip contains a key pair and cryptographic functions.You can register the public key on a service like the ones provided by Google and, in future, use the security key as the second step authentication.
At moment, the security key works with any of the major OSes (GNU/Linux, Windows and OSX) and only with Google Chrome browser.
I’ve ordered a security key on Amazon (the cheap one), so I’m going to test this security token soon with google gmail and make some usage reports.
By the way, Google may be one of the first big companies to adopt the FIDO u2f security key standard. In the future, Yahoo and other big companies may provide the security key authentication as an alternative to the sms pin. Paypal has also a security key protection but his implementation seems to be proprietary.
Here’s the Google help page of the security key token.
That’s a quite important news. From now on, major articles will be released under the Amazon ebook store. These ebooks will contain an essay between 6 and 10 standard pages of 2000 characters and will explore the topics we like: computers, internet, security and so on.
Each essay will cost about 1$, that is also a way to push me to write more and more qualitative essays.
But that’s not a way to leave this blog, because this space will continue to provide you flash news and discussions about security, ethics and mechanics of computers, as the twitter account does: @LCyberspazio.
So, if you are interested in light but surely interesting computer readings, take a look at my Amazon publications.
GO TO AMAZON
These titles are available worldwide. The collection “Of Men and Machines” is the one that represents this blog and it’s in English language; by the way, get the ebook from your amazon country store. Sometimes, the books are in promotion for free.
With some new features added to the TCCF suite, I’ve added to this blog the page to get more info and download page for the crypto suite for Linux.
It’s a technology fact: virtual peripherals controls hardware peripherals in the virtual domain size.
Once a system is connected to the Internet, the virtual domain assumes the dimensions of the Internet: worldwide.
Your screen, your webcam, your microphone, your input methods, your disks… practically each part of your computer/smartphone/device is controllable by the Internet.
Sometimes these features are enabled by the owner, other times by pirates attacking the system of the victim with a malware and least but not last, standing to Snowden revelations, even Governmental interception systems has the capability of activate a data stream from you computer.
Your notebook is getting old and you are going to earn some money to get the new powerful, shiny model, selling your old laptop on ebay.
On the other part of the World, a rich lucky guy with the new powerful, shiny model needs to perform some core fucking operations and so decides to get a used laptop on ebay to avoid any risks on his jewel.
So, the scenario is simple: the seller doesn’t know anything about the buyer and viceversa.
When you sell your notebook think as you are going to sell your gun to an unknown. Who is it? A kid? A worker? A paedophile? A malicious Hacker? A terrorist? Or maybe the next Snowden, hunted by secret services worldwide?
I’ve written this small guide to help and maybe improve the security process in preparation of Android devices.
Common tablets and smartphones are widely used in a Company and Professional environment, so it’s good that the IT Department enforce the security of these devices before deploying them to the employees.
This small guide will help Sys Admins, working like a checklist to the most common security enforcing operations. The scenario analyzed is the setup of a secure tablet for an employee that have to keep this device with him in a job travel.
Please, contact me to signal eventual errors or to give me advices to improve this guide.
DOWNLOAD ANDROID HARDENING FOR PROFESSIONAL DEVICES PDF
It’s a common way to think that enhanced computer security is a practice for paranoids or for criminals that have something to hide.
That’s an absurd common place! If you encrypt the hard drive of your PC or you use a secure communication system it’s probable that you will be well know as a strange computer guy or worse… a suspect criminal.