beamflash

beamflash, 6 days ago

@decryption https://www.token2.com/shop/product/molto-2-v2-multi-profile-totp-programmable-hardware-token

beamflash, 6 days ago

@decryption 60 codes in https://shop.reiner-sct.com/authenticator/reiner-sct-authenticator?locale=en and I think it can scan qr codes

beamflash, 16 days ago

@KathyReid @ubuntusecurity @ubuntu Why is an Australian university requiring FIPS (a US certification) in the first place? Not that I'm suggesting it's feasible, but the assertion is surely client-side so something like OpenConnect could spoof it.

Another option - run 20.04 LTS in a VM and route your traffic through it.

beamflash, 15 days ago

@KathyReid @ubuntusecurity @ubuntu FIPS certification notoriously takes years so you end up running out of date software if you require it. Perhaps feed that back to the security team that they're forcing the use of older, insecure software (notwithstanding that 20.04 LTS is still under security support, there will still be security improvements that aren't backported) by requiring FIPS. Easy and thoughtless box-ticking security teams don't go hand-in-hand unfortunately

https://keypair.us/2024/02/fips-140-3-validation-times/

beamflash, 5 months ago

@luis_in_brief Meanwhile npm refuses security https://news.ycombinator.com/item?id=38645969

beamflash, 4 months ago

@luis_in_brief Sure, PGP isn't the be-all and end-all these days, but an optional centrally managed signing service doesn't seem that great either. Looking into it more, it's more the developer's fault for blindly trusting code from a CDN (which is a pretty nifty attack vector). Just trying to link it back to the "security is hard, let's not worry" attitude that you are against.

https://www.coinfabrik.com/blog/attack-on-ledger-wallets-what-happened/

beamflash, 6 months ago

@simon @shram86 And yet most people are going to blindly use them and accept whatever output they're given