[PLUG] Two factor hardware authentication on Linux
Alan
alan at clueserver.org
Fri Oct 24 21:55:11 UTC 2014
On Fri, 2014-10-24 at 14:32 -0700, Keith Lofstrom wrote:
> On Fri, Oct 24, 2014 at 11:36:37AM -0700, alan at clueserver.org wrote:
> > I am considering doing a talk on two factor authentication using hardware
> > tokens as a talk for PLUG.
> >
> > Are people interested in that? Should I gear this for Advanced Topics or a
> > regular meeting?
>
> Advanced Topics, please.
>
> I am particularly interested in the thinking that goes into
> identifying and correcting weaknesses, even after the hardware is
> deployed. And the social engineering that must be done on management
> to convince them that by the time a vulnerability emerges in the
> wild, it can be way too late to protect the public. Or protect
> the corporation that sold the devices from bankrupting lawsuits.
>
> I am in the middle of such a problem right now.
That sounds like a different talk. There are disclosure rules for
vulnerabilities that cover this sort of thing. I can do that talk at a
later date.
After getting both of the hardware devices, the talk may be for a
general audience. These are starting to be used for all sorts of general
purpose web sites. Might even be used on facebook at this point. (I
don't use it, but I might set up a bogus account to test this.)
I will know more the farther I get into the project.
More information about the PLUG
mailing list