SafeSign and OSX

December 10th, 2008 @ 20:27 by Willem

After my blog post on OSX and Aladdin eToken I received a phonecall from Haaino @ AET Europe. He offered the SafeSign software for OSX so I could try their OSX software as well.

The SafeSign software is used with smartcards and smartcard readers like the OmniKey smartcard readers. Through my line of work, no lack of smartcards and/or readers. Only the software was missing (up till now).

The package I received contained TokenLounge software and the SafeSign v3.0 drivers for OSX. After installation of the software, you’re left with Token Administration, and TokenLounge Software. The software installation took place on an iMac running OSX 10.5.5. (more…)

Posted in Apple, Security, Software | No Comments »

OpenSSH Vulnerabilities

May 20th, 2008 @ 9:53 by Willem

It seems that public key authentication isn’t as save as you might have thought. That is if you’re using a Debian based OpenSSH solution. This package can be found in many Linux distributions like;

  • Debian (duh ;) )
  • Ubuntu
  • Kubuntu
  • etc.

The problem is that the random number generator (which is of vital importance in generating key-pairs) isn’t as random as you might think. It seems that there are only about 30.000 combinations in this specific generator. This leaves the door wide open for brute-force attacks.

So, the first you must do is update your OpenSSH software, and generate new keypairs for all devices / users which might have keys which were generated with the vulnerable OpenSSH software. Softwarepackages depending on OpenSSH are;

  • OpenVPN
  • DNSSEC
  • OpenSSH
  • Certificates used in TLS connections
  • etc.

More info on the subject can be found here [1, 2, 3].

Posted in Linux, News, Security, Software | No Comments »