Viewing posts tagged Open Source
securing-webdav-with-ssl-and-two-factor
Posted by: admin 15 years, 3 months ago
One reason for the lack of posts recently has been that I have written a how-to on securing WebDAV with SSL and two-factor authentication. Dealing with WebDAV was more of a pain than I anticipated. First, there seems to be a bug in recent versions of apache that breaks mod_auth_radius and mod_auth_xradis. Second, I spent a lot of time figuring out the ways that WebDAV does not work on Windows ;).
myopenid-security-fix
Posted by: admin 15 years, 3 months ago
Josh Hoyt has a preliminary notice about a security fix for MyOpenID. It's limited (at least on MyOpenID) to Safari users, so it's not a big deal. Josh considers it a flaw in the way Safari handles javascript security. But it is clear that OpenID is going through some growing pains as a protocol, which is natural and healthy. I'm impressed with the way the community is handling this vulnerability.
summary-of-identity-landscape
Posted by: admin 15 years, 3 months ago
I really need to spend more time thinking about identity and focusing on what WiKID needs to do in the identity space. You'll have an identity no matter how you authenticate, but the more you rely on your identity the more important it becomes and the more secure it should be. But I think most of the identity players are focused on making identity easier - i.e. fewer logins.tacacs-the-good-and-the-bad
Posted by: admin 15 years, 3 months ago
The good news is that the 3.0.1 release of the WiKID Strong Authentication server has improved support for TACACS+. You can now create a file in /opt/WiKID/private called tacacs.local and it's contents will appear in the tacacs.conf file, allowing finer grain control of permissions, etc.
the-10-000-download-mark
Posted by: admin 15 years, 3 months ago
Sometime while I was away on vacation we crossed the 10,000 download mark on our Sourceforge site. Thanks to everyone!
Recent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)