Tumgik
#hmac
bonitagreengambrell · 2 years
Photo
Tomorrow!!!! Join Smoothie King Friendswood & Grand Central Park at the AKA Houston Metropolitan Area Chapters “Black In Business Market!” Over 40+ black owned businesses will be showcasing their products and services. Scan the QR Code to register for this FREE event!!! We look forward to seeing you there!🛍️ @smoothiekinggcp @smoothiekingfriendswood #HMACBlackinBusinessMarket #BlackInBusinessMarket #BuildOurEconomicWealth #HMAC #BlackInBusiness #doorprizes #giveaways #blackownedbusiness #OmicronTauOmega #SpringAKAs #WeAreSouthCentral (at Fifth Ward Multi-Service Center) https://www.instagram.com/p/CpEsJoMO23e/?igshid=NGJjMDIxMWI=
0 notes
the-delta-42 · 10 months
Text
#micromodels #papercraft #hmsarkroyal #modelship #aircraftcarrier #papermodel #hmacarkroyal this thing was hell. #worldwar2 #worldwarii #ww2 #wwii
0 notes
artstar1997 · 3 months
Text
I came back from Davao, where I attended the wedding of a relative there as a flower lady (if you ask me, I just received a flower crown to wear there). Also, no birds or insects were harmed in the wedding as well.
With the wedding as an inspiration, here’s Queen Rose in her wedding gown, which she wears when she marries Billy Reverb. The design is inspired from Barbie Princess Charm School and Elsa’s first snow queen dress but I added a pale pink overskirt which also acts as a train in her wedding gown. Her bouquet has seven roses in rainbow colors and she wears simple pearl jewelry with gold and pink gems to go with the Crown of Harmony. She had her hair styled in a half-up, volumized bun that her grandma, the late Queen Celestia wore when she married Rose’s grandpa, the late king, but she added a modern twist, with the rest of her hair in curls.
Original pattern: https://img.freepik.com/free-vector/gray-white-crystal-textured-background_53876-86343.jpg?w=1380&t=st=1720356100~exp=1720356700~hmac=37dc33e9c0a1c6c4648762081336fbd7940c33e5cbbc06dee290491109a6b8a8
13 notes · View notes
black-arcana · 3 months
Text
JINJER Announces Fall 2024 North American Tour With HANABIE And BORN OF OSIRIS
Ukrainian modern metallers JINJER will embark on a North American tour in the fall. Support on the trek will come from fast-rising Japanese metalcore unit HANABIE and progressive metalcore mainstays BORN OF OSIRIS.
As JINJER is currently in the studio recording its fifth studio album, fans can expect to hear a handful of brand new, never-before-heard tracks on the tour.
The 18-date tour will kick off on September 20 in Sayreville, New Jersey and will include a couple of Canadian shows (in Toronto and Montreal) before wrapping up on October 13 at Sacramento, California's Aftershock festival.
In addition to Aftershock, the tour will also see JINJER performing at festivals such as Metal Injection Festival, Louder Than Life and the return of the mighty Mayhem festival.
Various ticket presales via Citi, Ticketmaster, Live Nation and more begin today, with general public on-sale beginning this Friday, June 14 at 10:00 a.m. local time.
JINJER comments on returning to North America: "It's finally time for some huge announcements: We're stoked to report that this September, JINJER will return to North America with not only two absolutely sick supports: HANABIE and BORN OF OSIRIS! Most importantly, we'll be performing some brand new unreleased songs from our upcoming fifth studio album. [We] just cannot wait to share what we've been working on for the last two years. This will be without a doubt a banger of a tour … We're looking forward to this so much!"
JINJER fall 2024 North American tour dates:
Sep. 20 - Sayreville, NJ @ Starland Ballroom
Sep. 21 - Brooklyn, NY @ Metal Injection Fest
Sep. 22 - Pittsburgh, PA @ Roxian Theatre
Sep. 23 - Toronto, ON @ Danforth Music Hall
Sep. 24 - Montreal, QC @ MTELUS
Sep. 26 - Harrisburg, PA @ HMAC
Sep. 27 - Baltimore, MD @ Baltimore Soundstage
Sep. 29 - Louisville, KY @ Louder Than Life
Oct. 01 - Charlotte, NC @ The Fillmore
Oct. 02 - Atlanta, GA @ Buckhead Theatre
Oct. 03 - Lake Buena Vista, FL @ House Of Blues
Oct. 04 - North Myrtle Beach, SC @ House Of Blues
Oct. 06 - Houston, TX @ House Of Blues
Oct. 07 - San Antonio, TX @ The Aztec Theatre
Oct. 09 - Denver, CO @ Ogden Theatre
Oct. 11 - Las Vegas, NV @ House Of Blues
Oct. 12 - San Bernardino, CA @ Mayhem Festival
Oct. 13 - Sacramento, CA @ Aftershock Festival
During an appearance on a recent episode of Knotfest's "She's With The Band", the show hosted by Tori Kravitz, JINJER vocalist Tatiana Shmailyuk spoke about the progress of the songwriting sessions for the follow-up to the band's 2021 album "Wallflowers". Tatiana said: "My purpose is just to write lyrics and sing them. I'm so behind right now with the writing lyrics. And I warned my guys. We were at least to get a really rough draft, rough sketch or a demo of one song, like maybe first single from the new album, at least get this, but nope. [Stress and creativity don't] work with me. Well, but when the deadline's coming, and everybody knows that — I've been talking, like, every single time we release a new album, I say that, I say this — deadlines push me. So I just have to write, so I get this stream of consciousness, basically. I write down whatever the bullshit is in my head. And then you build it. At least you have to have bricks to build a poem or whatever it is, just lyrics."
Regarding the musical direction of the new JINJER material, Tatiana said: "It's gonna be different, first of all, because I feel that the music differs a lot. And to my mind, the whole — I won't say how many songs are there; I guess 12 or even 15; let's say 13; I don't remember — but they all have… not all of them, but half of them, at least, they have a similarity in them. They're similar to each other or they remind me. They have this concept within — without any lyrics, they still sound like they belong to one box. They are a set of songs. And I already think about all the… I'm not even thinking about like the lyrics — I think about the topics and stuff, but I think about the booklet or the cover or even the music videos and what I'm gonna wear there. And it has a certain flavor to me that… I feel like it has this flavor of 19th century. It's very romanticism from the 19th century. If you listen to it, you will think, 'Oh.' You know, when you listen to MUSE, you feel he was inspired by a lot of classical composers — obviously. So our new music has this flavor. And I'm so excited."
JINJER released its first official live DVD/Blu-ray, "Live In Los Angeles", on May 17 via Napalm Records. Recorded and filmed on December 22, 2022 at The Wiltern in Los Angeles, this offering is intended to celebrate not only getting through the last few years in one piece, but also the band's 15-year career.
"Live In Los Angeles" was a spontaneous decision by the band, recorded as raw as possible, to emphasize the passion that can come from a live show. This release is an explosive mixture of JINJER's discography — featuring fan favorites like "Sit Stay Roll Over", "Home Back" and the game-changing "Pisces". The live album contains 16 songs in various audio formats, with some strictly limited: the deluxe digipack features not only a DVD, but also two more songs, "Wallflower" and "Disclosure!", recorded in Paris in 2023.
JINJER is:
Tatiana Shmayluk - Vocals
Roman Ibramkhalilov - Guitars
Eugene Abdukhanov - Bass
Vlad Ulasevich - Drums
Photo credit: Lina Glasir
9 notes · View notes
Exploring Kerberos and its related attacks
Introduction
In the world of cybersecurity, authentication is the linchpin upon which secure communications and data access rely. Kerberos, a network authentication protocol developed by MIT, has played a pivotal role in securing networks, particularly in Microsoft Windows environments. In this in-depth exploration of Kerberos, we'll delve into its technical intricacies, vulnerabilities, and the countermeasures that can help organizations safeguard their systems.
Understanding Kerberos: The Fundamentals
At its core, Kerberos is designed to provide secure authentication for users and services over a non-secure network, such as the internet. It operates on the principle of "need-to-know," ensuring that only authenticated users can access specific resources. To grasp its inner workings, let's break down Kerberos into its key components:
1. Authentication Server (AS)
The AS is the initial point of contact for authentication. When a user requests access to a service, the AS verifies their identity and issues a Ticket Granting Ticket (TGT) if authentication is successful.
2. Ticket Granting Server (TGS)
Once a user has a TGT, they can request access to various services without re-entering their credentials. The TGS validates the TGT and issues a service ticket for the requested resource.
3. Realm
A realm in Kerberos represents a security domain. It defines a specific set of users, services, and authentication servers that share a common Kerberos database.
4. Service Principal
A service principal represents a network service (e.g., a file server or email server) within the realm. Each service principal has a unique encryption key.
Vulnerabilities in Kerberos
While Kerberos is a robust authentication protocol, it is not immune to vulnerabilities and attacks. Understanding these vulnerabilities is crucial for securing a network environment that relies on Kerberos for authentication.
1. AS-REP Roasting
AS-REP Roasting is a common attack that exploits weak user account settings. When a user's pre-authentication is disabled, an attacker can request a TGT for that user without presenting a password. They can then brute-force the TGT offline to obtain the user's plaintext password.
2. Pass-the-Ticket Attacks
In a Pass-the-Ticket attack, an attacker steals a TGT or service ticket and uses it to impersonate a legitimate user or service. This attack can lead to unauthorized access and privilege escalation.
3. Golden Ticket Attacks
A Golden Ticket attack allows an attacker to forge TGTs, granting them unrestricted access to the domain. To execute this attack, the attacker needs to compromise the Key Distribution Center's (KDC) long-term secret key.
4. Silver Ticket Attacks
Silver Ticket attacks target specific services or resources. Attackers create forged service tickets to access a particular resource without having the user's password.
Technical Aspects and Formulas
To gain a deeper understanding of Kerberos and its related attacks, let's delve into some of the technical aspects and cryptographic formulas that underpin the protocol:
1. Kerberos Authentication Flow
The Kerberos authentication process involves several steps, including ticket requests, encryption, and decryption. It relies on various cryptographic algorithms, such as DES, AES, and HMAC.
2. Ticket Granting Ticket (TGT) Structure
A TGT typically consists of a user's identity, the requested service, a timestamp, and other information encrypted with the TGS's secret key. The TGT structure can be expressed as:
Tumblr media
3. Encryption Keys
Kerberos relies on encryption keys generated during the authentication process. The user's password is typically used to derive these keys. The process involves key generation and hashing formulas.
Mitigating Kerberos Vulnerabilities
To protect against Kerberos-related vulnerabilities and attacks, organizations can implement several strategies and countermeasures:
1. Enforce Strong Password Policies
Strong password policies can mitigate attacks like AS-REP Roasting. Ensure that users create complex, difficult-to-guess passwords and consider enabling pre-authentication.
2. Implement Multi-Factor Authentication (MFA)
MFA adds an extra layer of security by requiring users to provide multiple forms of authentication. This can thwart various Kerberos attacks.
3. Regularly Rotate Encryption Keys
Frequent rotation of encryption keys can limit an attacker's ability to use stolen tickets. Implement a key rotation policy and ensure it aligns with best practices.
4. Monitor and Audit Kerberos Traffic
Continuous monitoring and auditing of Kerberos traffic can help detect and respond to suspicious activities. Utilize security information and event management (SIEM) tools for this purpose.
5. Segment and Isolate Critical Systems
Isolating sensitive systems from less-trusted parts of the network can reduce the risk of lateral movement by attackers who compromise one system.
6. Patch and Update
Regularly update and patch your Kerberos implementation to mitigate known vulnerabilities and stay ahead of emerging threats.
4. Kerberos Encryption Algorithms
Kerberos employs various encryption algorithms to protect data during authentication and ticket issuance. Common cryptographic algorithms include:
DES (Data Encryption Standard): Historically used, but now considered weak due to its susceptibility to brute-force attacks.
3DES (Triple DES): An improvement over DES, it applies the DES encryption algorithm three times to enhance security.
AES (Advanced Encryption Standard): A strong symmetric encryption algorithm, widely used in modern Kerberos implementations for better security.
HMAC (Hash-based Message Authentication Code): Used for message integrity, HMAC ensures that messages have not been tampered with during transmission.
5. Key Distribution Center (KDC)
The KDC is the heart of the Kerberos authentication system. It consists of two components: the Authentication Server (AS) and the Ticket Granting Server (TGS). The AS handles initial authentication requests and issues TGTs, while the TGS validates these TGTs and issues service tickets. This separation of functions enhances security by minimizing exposure to attack vectors.
6. Salting and Nonces
To thwart replay attacks, Kerberos employs salting and nonces (random numbers). Salting involves appending a random value to a user's password before hashing, making it more resistant to dictionary attacks. Nonces are unique values generated for each authentication request to prevent replay attacks.
Now, let's delve into further Kerberos vulnerabilities and their technical aspects:
7. Ticket-Granting Ticket (TGT) Expiry Time
By default, TGTs have a relatively long expiry time, which can be exploited by attackers if they can intercept and reuse them. Administrators should consider reducing TGT lifetimes to mitigate this risk.
8. Ticket Granting Ticket Renewal
Kerberos allows TGT renewal without re-entering the password. While convenient, this feature can be abused by attackers if they manage to capture a TGT. Limiting the number of renewals or implementing MFA for renewals can help mitigate this risk.
9. Service Principal Name (SPN) Abuse
Attackers may exploit misconfigured SPNs to impersonate legitimate services. Regularly review and audit SPNs to ensure they are correctly associated with the intended services.
10. Kerberoasting
Kerberoasting is an attack where attackers target service accounts to obtain service tickets and attempt offline brute-force attacks to recover plaintext passwords. Robust password policies and regular rotation of service account passwords can help mitigate this risk.
11. Silver Ticket and Golden Ticket Attacks
To defend against Silver and Golden Ticket attacks, it's essential to implement strong password policies, limit privileges of service accounts, and monitor for suspicious behavior, such as unusual access patterns.
12. Kerberos Constrained Delegation
Kerberos Constrained Delegation allows a service to impersonate a user to access other services. Misconfigurations can lead to security vulnerabilities, so careful planning and configuration are essential.
Mitigation strategies to counter these vulnerabilities include:
13. Shorter Ticket Lifetimes
Reducing the lifespan of TGTs and service tickets limits the window of opportunity for attackers to misuse captured tickets.
14. Regular Password Changes
Frequent password changes for service accounts and users can thwart offline attacks and reduce the impact of credential compromise.
15. Least Privilege Principle
Implement the principle of least privilege for service accounts, limiting their access only to the resources they need, and monitor for unusual access patterns.
16. Logging and Monitoring
Comprehensive logging and real-time monitoring of Kerberos traffic can help identify and respond to suspicious activities, including repeated failed authentication attempts.
Kerberos Delegation: A Technical Deep Dive
1. Understanding Delegation in Kerberos
Kerberos delegation allows a service to act on behalf of a user to access other services without requiring the user to reauthenticate for each service. This capability enhances the efficiency and usability of networked applications, particularly in complex environments where multiple services need to interact on behalf of a user.
2. Types of Kerberos Delegation
Kerberos delegation can be categorized into two main types:
Constrained Delegation: This type of delegation restricts the services a service can access on behalf of a user. It allows administrators to specify which services a given service can impersonate for the user.
Unconstrained Delegation: In contrast, unconstrained delegation grants the service full delegation rights, enabling it to access any service on behalf of the user without restrictions. Unconstrained delegation poses higher security risks and is generally discouraged.
3. How Delegation Works
Here's a step-by-step breakdown of how delegation occurs within the Kerberos authentication process:
Initial Authentication: The user logs in and obtains a Ticket Granting Ticket (TGT) from the Authentication Server (AS).
Request to Access a Delegated Service: The user requests access to a service that supports delegation.
Service Ticket Request: The user's client requests a service ticket from the Ticket Granting Server (TGS) to access the delegated service. The TGS issues a service ticket for the delegated service and includes the user's TGT encrypted with the service's secret key.
Service Access: The user presents the service ticket to the delegated service. The service decrypts the ticket using its secret key and obtains the user's TGT.
Secondary Authentication: The delegated service can then use the user's TGT to authenticate to other services on behalf of the user without the user's direct involvement. This secondary authentication occurs transparently to the user.
4. Delegation and Impersonation
Kerberos delegation can be seen as a form of impersonation. The delegated service effectively impersonates the user to access other services. This impersonation is secure because the delegated service needs to present both the user's TGT and the service ticket for the delegated service, proving it has the user's explicit permission.
5. Delegation in Multi-Tier Applications
Kerberos delegation is particularly useful in multi-tier applications, where multiple services are involved in processing a user's request. It allows a front-end service to securely delegate authentication to a back-end service on behalf of the user.
6. Protocol Extensions for Delegation
Kerberos extensions, such as Service-for-User (S4U) extensions, enable a service to request service tickets on behalf of a user without needing the user's TGT. These extensions are valuable for cases where the delegated service cannot obtain the user's TGT directly.
7. Benefits of Kerberos Delegation
Efficiency: Delegation eliminates the need for the user to repeatedly authenticate to access multiple services, improving the user experience.
Security: Delegation is secure because it relies on Kerberos authentication and requires proper configuration to work effectively.
Scalability: Delegation is well-suited for complex environments with multiple services and tiers, enhancing scalability.
In this comprehensive exploration of Kerberos, we've covered a wide array of topics, from the fundamentals of its authentication process to advanced concepts like delegation.
Kerberos, as a network authentication protocol, forms the backbone of secure communication within organizations. Its core principles include the use of tickets, encryption, and a trusted third-party Authentication Server (AS) to ensure secure client-service interactions.
Security is a paramount concern in Kerberos. The protocol employs encryption, timestamps, and mutual authentication to guarantee that only authorized users gain access to network resources. Understanding these security mechanisms is vital for maintaining robust network security.
Despite its robustness, Kerberos is not impervious to vulnerabilities. Attacks like AS-REP Roasting, Pass-the-Ticket, Golden Ticket, and Silver Ticket attacks can compromise security. Organizations must be aware of these vulnerabilities to take appropriate countermeasures.
Implementing best practices is essential for securing Kerberos-based authentication systems. These practices include enforcing strong password policies, regular key rotation, continuous monitoring, and employee training.
Delving into advanced Kerberos concepts, we explored delegation – both constrained and unconstrained. Delegation allows services to act on behalf of users, enhancing usability and efficiency in complex, multi-tiered applications. Understanding delegation and its security implications is crucial in such scenarios.
Advanced Kerberos concepts introduce additional security considerations. These include implementing fine-grained access controls, monitoring for unusual activities, and regularly analyzing logs to detect and respond to security incidents.
So to conclude, Kerberos stands as a foundational authentication protocol that plays a pivotal role in securing networked environments. It offers robust security mechanisms and advanced features like delegation to enhance usability. Staying informed about Kerberos' complexities, vulnerabilities, and best practices is essential to maintain a strong security posture in the ever-evolving landscape of cybersecurity.
12 notes · View notes
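A sketch of the monitoring advice in the Kerberos post above, as an added example that is not part of the original post: it scans domain controller Security events for accounts issued a TGT without pre-authentication, RC4 service-ticket sweeps from one client (a Kerberoasting indicator), and bursts of pre-authentication failures. Event IDs 4768, 4769 and 4771 and their field names are the standard Windows ones; the sample records, account names, addresses and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"               # Kerberos etype 23 (rc4-hmac)
WINDOW = timedelta(minutes=5)   # constructed thresholds; tune per environment
SPN_THRESHOLD = 3               # distinct services requested by one client
FAIL_THRESHOLD = 5              # pre-auth failures from one client


def ev(ts, event_id, **fields):
    """Build one constructed event record."""
    return {"time": datetime.fromisoformat(ts), "id": event_id, **fields}


# Constructed sample of Security log events (not real data).
EVENTS = [
    ev("2024-03-01T09:00:00", 4768, TargetUserName="alice", PreAuthType="2",
       TicketEncryptionType="0x12", IpAddress="::ffff:10.0.0.21"),
    ev("2024-03-01T09:05:00", 4768, TargetUserName="svc_legacy", PreAuthType="0",
       TicketEncryptionType="0x17", IpAddress="::ffff:10.0.0.66"),
    ev("2024-03-01T09:06:00", 4769, ServiceName="FILESRV01$",
       TicketEncryptionType="0x12", IpAddress="::ffff:10.0.0.21"),
    ev("2024-03-01T09:07:00", 4769, ServiceName="svc_web",
       TicketEncryptionType="0x17", IpAddress="::ffff:10.0.0.21"),
    ev("2024-03-01T09:10:01", 4769, ServiceName="svc_sql",
       TicketEncryptionType="0x17", IpAddress="::ffff:10.0.0.66"),
    ev("2024-03-01T09:10:03", 4769, ServiceName="svc_web",
       TicketEncryptionType="0x17", IpAddress="::ffff:10.0.0.66"),
    ev("2024-03-01T09:10:07", 4769, ServiceName="svc_backup",
       TicketEncryptionType="0x17", IpAddress="::ffff:10.0.0.66"),
    ev("2024-03-01T09:15:00", 4771, TargetUserName="alice", Status="0x18",
       IpAddress="::ffff:10.0.0.21"),
] + [
    ev(f"2024-03-01T09:20:{s:02d}", 4771, TargetUserName="bob", Status="0x18",
       IpAddress="::ffff:10.0.0.80")
    for s in range(0, 50, 10)
]


def _ip(event):
    """Strip the IPv4-mapped prefix the log puts in front of client addresses."""
    return event["IpAddress"].replace("::ffff:", "")


def _runs(items):
    """Yield, for each event, the run of (time, value) pairs within WINDOW before it."""
    items = sorted(items)
    start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > WINDOW:
            start += 1
        yield items[start:end + 1]


def find_no_preauth(events):
    """Accounts that received a TGT (4768) with PreAuthType 0: AS-REP roastable."""
    return sorted({e["TargetUserName"] for e in events
                   if e["id"] == 4768 and e["PreAuthType"] == "0"})


def find_rc4_spn_sweeps(events):
    """Clients requesting RC4 tickets (4769) for many user-run services in WINDOW."""
    by_client = defaultdict(list)
    for e in events:
        if (e["id"] == 4769 and e["TicketEncryptionType"] == RC4_HMAC
                and not e["ServiceName"].endswith("$")      # skip machine accounts
                and e["ServiceName"].lower() != "krbtgt"):
            by_client[_ip(e)].append((e["time"], e["ServiceName"]))
    hits = {}
    for ip, items in by_client.items():
        for run in _runs(items):
            names = {name for _, name in run}
            if len(names) >= SPN_THRESHOLD:
                hits[ip] = sorted(set(hits.get(ip, [])) | names)
    return hits


def find_preauth_failures(events):
    """Clients with FAIL_THRESHOLD or more bad-password failures (4771, 0x18) in WINDOW."""
    by_client = defaultdict(list)
    for e in events:
        if e["id"] == 4771 and e["Status"] == "0x18":
            by_client[_ip(e)].append((e["time"], e["TargetUserName"]))
    hits = {}
    for ip, items in by_client.items():
        worst = max(len(run) for run in _runs(items))
        if worst >= FAIL_THRESHOLD:
            hits[ip] = worst
    return hits


if __name__ == "__main__":
    print("TGT issued without pre-auth:", find_no_preauth(EVENTS))
    print("RC4 service-ticket sweeps:  ", find_rc4_spn_sweeps(EVENTS))
    print("Pre-auth failure bursts:    ", find_preauth_failures(EVENTS))
```
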
testostertunes · 3 months
Text
Emily Robb Summer Tour starts today!! Today in Brooklyn w/ Rosali and then a bunch of nights w/ Kurt Vile & his Violators...
Emily has a string of gigs coming up, and she'll be joined by yours truly on stage with a little organ. Please come out and have a blast and say hello to us. As we get further from Philadelphia, we would especially love to meet anybody willing to let the two of us sleep at their place after the show. Email [email protected] if so inclined.
Either way- don't be shy come say what's up!
Emily Robb Live Dates Summer 2024
Sun 6/16 Brooklyn, NY @ Union Pool w/ Rosali
Mon 6/17 Harrisburg, PA @ HMAC *
Tue 6/18 Wilmington, DE @ The Queen *
Thu 6/20 Atlantic City, NJ North to Shore Festival @ Anchor Rock Club *
Sat 6/22 Charlotte, NC Neighborhood Theatre *
Sun 6/23 Cincinnati, OH @ Taft Theatre *
Mon 6/24 Indianapolis, IN @ State Street Pub w/ Kind Buds
Tue 6/25 Evanston, IL @ SPACE *
Wed 6/26 St. Louis, MO @ The Pageant *
Thu 6/27 Kalamazoo, MI @ Bells *
Fri 6/28 Detroit, MI @ Spread Art w/ Deadbeat Beat, Shells
Sun 6/30 Norwalk, CT @ District Music Hall *
Tues 7/23 Montreal, QC @ Sotteranea w/ Mountain Movers, Feeling Figures
Wed 7/24 Prince Edward County, ON @ Glenwood Cemetery w/ Mountain Movers, Stonegrass, Craig Currie, Paul Lowman
Thurs 7/25 Toronto, ON @ Monarch Tavern w/ Mountain Movers
Fri 7/26 Rochester, NY Carbon 30YR Fest @ Radio Social
Sun 7/28 Williamstown, MA @ Clark Art Institute w/ Glenn Jones
Fri 8/2 Philadelphia, PA @ Century Bar w/ Nod, Mike Polizze (of Purrling Hiss/Birds of Maya)
Mon 9/23 Philadelphia, PA @ Johnny Brenda’s w/ Mystic 100’s
* w/ Kurt Vile and the Violators
And other upcoming Petty Bunco shows…
July 5 - Mordecai, The Spatulas, Overt Hostility @ Jerry’s On Front
Aug 2 - Nod, Emily Robb, Mike Polizze @ Century Bar
We'll have copies of the newly landed "If I Am Misery Then Give Me Affection" repress at the merch table. See ya there!
polaroid by Kurt Vile
4 notes · View notes
kennak · 1 year
Quote
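Looking into this in more detail, the backdoor is almost certainly based on Dual_EC_DRBG, the backdoored random number generator implemented as NIST SP 800-90A. From the wiki: >>> NIST SP 800-90A ("SP" stands for "special publication") is a publication by the National Institute of Standards and Technology titled Recommendation for Random Number Generation Using Deterministic Random Bit Generators. The publication contains the specification for three allegedly cryptographically secure pseudorandom number generators for use in cryptography: Hash DRBG (based on hash functions), HMAC DRBG (based on HMAC), and CTR DRBG (based on block ciphers in counter mode). Earlier versions included a fourth generator, Dual_EC_DRBG (based on elliptic curve cryptography). Dual_EC_DRBG was later reported to probably contain a kleptographic backdoor inserted by the United States National Security Agency (NSA). From Cavium's NIST FIPS-140-2, Section 3.3 [1] Approved and Allowed Algorithms: The cryptographic module supports the following FIPS Approved algorithms. *SP800-90 CTR DRBG Deterministic Random Number Generation 32
Snowden leak: Cavium networking hardware may contain NSA backdoor | Hacker News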
3 notes · View notes
hapalopus · 1 year
Note
I just gotta give you props because when I went to pick up my two newest Ts a month or so ago the seller had a juvie HMac he was giving away for free. I was so tempted (because I mean… free good looking spider…) but your post on your pet blog about how challenging they are as pets was on my mind. I still think they’re gorgeous spiders but just not for my house.
Glad I could help! They're gorgeous and I can't wait to get another one some day. But they're very hands-off and pet holes
For those who don't know what we're talking about:
Tumblr media
Fast, temperamental, and nervous spider with very painful venom
4 notes · View notes
Text
Kaufland API Upgrade: What are the Next Steps for Sellers using 3rd-party Extensions
Kaufland, one of the largest retail chains in Europe, has recently launched its latest version of Marketplace Seller API. The Kaufland Marketplace Seller API 2.0 is a significant upgrade to its predecessor and offers an extensive range of new features that can enhance the selling experience for Kaufland sellers.
The new API boasts of a Representational State Transfer (REST), the latest version of the Kaufland KPI available. It is protected by HMAC-based authentication & password methods; therefore, any anonymous access to the Marketplace Seller API is impossible.
Want to know more about how you can upgrade to the advanced and highly secure Kaufland API? Click the link to learn the procedure in a detailed manner- https://bit.ly/4336nGh
#kaufland #cedcommerce #kauflandsellers #germany #ecommerce #marketplaces #shopifyseller #shopifystore
2 notes · View notes
cloudgirlsinfo · 2 years
Text
4 notes · View notes
vladstechnotes · 2 years
Text
Setup Yubikey 2FA on Debian 11
So you want to harden security by enabling two-factor authentication using Yubikey.
WARNING: VERY REAL RISK OF LOCKING YOURSELF OUT! MAKE SURE YOU KNOW WHAT YOU'RE DOING AND HAVE BACKUPS!
This guide will set up the so-called Challenge Response OTP mode. The online mode, which requires access to the internet + Yubikey registration, is out of scope.
Read the whole guide and then proceed step by step.
In a separate terminal get root console and keep it open in case you need to rollback changes (don't do anything in it):
$ sudo -s
Install Yubikey personalization package:
$ sudo apt install yubikey-personalization
Install "libpam-yubico" package:
$ sudo apt install libpam-yubico
Configuration of the Yubico PAM module will be requested. Enter this (do not enable anything!):
mode=challenge-response
Check installed package contents (will be useful later):
$ dpkg -L libpam-yubico
The main document of interest is
/usr/share/doc/libpam-yubico/Authentication_Using_Challenge-Response.adoc.gz
Read it, as this guide is heavily inspired by it.
Plug in your Yubikey now.
Setup the slot #2 of the Yubikey for the OTP challenge-response mode:
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt62 -oserial-api-visible
This should generate a challenge-<digits> file in ~/.yubico/ directory.
This file is critical and should be protected.
$ chmod 600 ~/.yubico/challenge-<digits>
Return to libpam-yubico configuration and enable Yubikey support (first choice):
$ sudo dpkg-reconfigure libpam-yubico
Make sure the mode string is entered as shown above, asterisk is set next to Yubikey support and hit <Ok>.
Check PAM configuration:
$ cat /etc/pam.d/common-auth
You should see a line:
auth   required    pam_yubico.so mode=challenge-response
Now run the PAM update utility (read the man page):
$ sudo pam-auth-update
Open a new terminal and try running a sudo command:
$ sudo echo "It works!"
Enter your user password and notice green LED on the Yubikey lighting up. Remove the Yubikey, open another terminal and try to log in - it should fail.
You now have a hardened system which requires two-factor authentication!
To troubleshoot issues, use the following mode line:
mode=challenge-response debug
Follow the same steps of the guide. Each sudo call will get a verbose log written to the console.
To uninstall, edit "/etc/pam.d/common-auth" to its previous state. Run pam-auth-update. Check log in works without a Yubikey.
2 notes · View notes
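Why the challenge file in the Yubikey guide above has to be protected, as an added example that is not part of the original guide and is not pam_yubico's code: a simplified Python model of HMAC-SHA1 challenge-response in which the host keeps only a challenge and a hash of the expected response, and rolls both forward after each successful login. SoftKey, HostState, the 63-byte challenge and the PBKDF2 hashing of the stored response are assumptions of this sketch.

```python
import hashlib
import hmac
import os


class SoftKey:
    """Stand-in for the token slot: holds the HMAC-SHA1 secret, only answers challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


class HostState:
    """What the host stores per user (hypothetical layout, kept in memory here).

    The host never learns the HMAC secret. It keeps one challenge plus a salted
    hash of the response it expects, which is why the stored state must be
    readable and writable by its owner only.
    """

    def __init__(self, key: SoftKey):
        self._enroll(key)

    def _hash(self, response: bytes) -> bytes:
        # Hashing the stored response is a choice of this sketch.
        return hashlib.pbkdf2_hmac("sha1", response, self.salt, 10_000)

    def _enroll(self, key: SoftKey) -> None:
        # Pick a fresh challenge and ask the key what it will answer next time.
        self.challenge = os.urandom(63)
        self.salt = os.urandom(16)
        self.expected = self._hash(key.respond(self.challenge))

    def verify(self, response: bytes) -> bool:
        # Constant-time comparison against the stored expectation.
        return hmac.compare_digest(self._hash(response), self.expected)

    def login(self, key: SoftKey) -> bool:
        if not self.verify(key.respond(self.challenge)):
            return False            # wrong or missing key: state is left untouched
        self._enroll(key)           # success: roll to a new challenge/response pair
        return True


if __name__ == "__main__":
    user_key = SoftKey(os.urandom(20))       # constructed secrets
    other_key = SoftKey(os.urandom(20))
    host = HostState(user_key)

    captured = user_key.respond(host.challenge)   # a response observed before login
    print("other key accepted:   ", host.login(other_key))
    print("user key accepted:    ", host.login(user_key))
    print("old response replayed:", host.verify(captured))
```
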
bonitagreengambrell · 2 years
Photo
Join Smoothie King Friendswood & Grand Central Park at the AKA Houston Metropolitan Area Chapters “Black In Business Market!” Over 40+ black owned businesses will be showcasing their products and services. Scan the QR Code to register for this FREE event!!! We look forward to seeing you there!🛍️ @smoothiekinggcp @smoothiekingfriendswood #BlackInBusinessMarket #BuildOurEconomicWealth #HMAC #BlackInBusiness #doorprizes #giveaways #blackownedbusiness #OmicronTauOmega #SpringAKAs #wearesouthcentral (at Fifth Ward Multi-Service Center) https://www.instagram.com/p/Co-R0BzOLTM/?igshid=NGJjMDIxMWI=
0 notes
maxpctools · 2 years
Text
Open VPN Now Free Download
OpenVPN is an open-source tool for setting up encrypted point-to-point and client-server connections as well as virtual private networks. Open VPN offers answers to a variety of issues, such as connecting remote users; gaining access to home and business networks; establishing secure WiFi connections; and connecting securely to distant businesses.
Even with load balancing, failover, and granular access controls, VPN may be scaled up to provide a remote access solution for an entire company. OpenVPN blends security with user-friendliness.
Features of OpenVPN:
Supports HTTP, SOCKS, NAT, and network filters in addition to most other proxy servers.
TCP or UDP transport-based network operations.
The capacity to set up TAP bridges and TUN tunnels at the network level.
Traffic congestion is effective.
Employs 2048-bit keys and a variety of encryption techniques (MD5-HMAC, RSA).
A number of authentication methods.
How to Apply Free OTP Technology in Your App and Website - Infinity Webinfo Pvt Ltd
One-Time Password (OTP) technology is a widely used method to enhance security in apps and websites. By using OTPs, you can ensure that even if a user's password is compromised, their account remains secure. This guide will show you how to implement free OTP technology in your app or website.
APPLY FREE OTP TECHNOLOGY IN YOUR WEBSITE AND APP
1. What is OTP Technology?
OTP Explained: An OTP is a unique, time-sensitive code sent to a user to verify their identity. It is commonly used for two-factor authentication (2FA) or during sensitive transactions.
Benefits of OTP Implementation: OTPs provide an additional layer of security, making it significantly harder for unauthorized users to access accounts.
2. Choosing a Free OTP Service
To apply free OTP technology, you need to select a service provider that offers a free tier for OTP implementation. Here are some popular options:
Google Authenticator:
Description: Google Authenticator is a mobile app that generates time-based one-time passwords (TOTP). It's widely used and can be integrated with various systems and applications.
Features: Easy to use, secure, supports multiple accounts, offline functionality.
Integration: You can integrate Google Authenticator using libraries that support TOTP in your preferred programming language, like pyotp for Python or otplib for Node.js.
Authy:
Description: Authy by Twilio is another popular app for generating OTPs. It offers both TOTP and push-based notifications.
Features: Multi-device synchronization, backups, and support for both TOTP and SMS-based OTPs.
Integration: You can integrate Authy using their API, which allows for both TOTP generation and SMS-based OTPs. This is useful if you want to give users multiple options for receiving OTPs.
FreeOTP by Red Hat:
Description: FreeOTP is an open-source mobile app by Red Hat that generates TOTP and HOTP (HMAC-based One-Time Password) tokens.
Features: Open-source, supports both TOTP and HOTP, no ads, and privacy-focused.
Integration: Similar to Google Authenticator, it can be integrated into your system using TOTP libraries.
TOTP (Time-based One-Time Password) Algorithms:
Description: TOTP is a standardized algorithm used to generate time-based OTPs. It’s widely supported and is the underlying technology behind many OTP apps, including Google Authenticator and FreeOTP.
Features: Time-based OTPs are dynamic and expire after a short period, typically 30 seconds, making them more secure.
Integration: You can implement TOTP directly using libraries like pyotp (Python), otplib (Node.js), or other language-specific libraries. These libraries provide functions to generate and verify OTPs.
When choosing an OTP technology, consider your users' needs and the level of security required. All these options are robust and can significantly enhance the security of your website or app.
3. Steps to Implement OTP in Your Website or App
1. Choose an OTP Method
Decide whether you want to implement SMS, email, or app-based OTPs. SMS and email are easier for users but may incur costs if scaled, whereas app-based OTPs are cost-effective and secure but require users to install an app.
2. Select a Library or API
Use a free library or API that supports OTP generation and validation. Some popular options include:
Python: PyOTP library for TOTP and HOTP (HMAC-based One-Time Password).
JavaScript: speakeasy for TOTP and HOTP.
PHP: GoogleAuthenticator.php for integrating with Google Authenticator.
Node.js: otplib for generating OTPs.
3. Integrate OTP Generation
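In your application, add code to generate OTPs. For example, using the PyOTP library in Python:
import pyotp
# Create a TOTP object from a base32 secret (example value; use a per-user secret, e.g. from pyotp.random_base32())
totp = pyotp.TOTP('base32secret3232')
# Current time-based code for this secret
otp = totp.now()
print("Your OTP is:", otp)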
This code generates a time-based OTP that you can send to the user.
4. Send the OTP
Once the OTP is generated, send it to the user via the chosen method (SMS, email, or app). For SMS, you might use a free or freemium service like Twilio, while email can be sent using SMTP libraries or services like SendGrid.
5. Validate the OTP
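After the user enters the OTP, validate it using the same library. For example, in Python:
# totp is the pyotp.TOTP object created from the user's secret in the generation step
user_input_otp = input("Enter the OTP: ")
is_valid = totp.verify(user_input_otp)
if is_valid:
    print("OTP is valid!")
else:
    print("OTP is invalid!")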
6. Handle Errors and Expirations
Ensure that your implementation handles cases where the OTP has expired or the wrong OTP is entered. Provide user-friendly messages and options to resend the OTP if necessary.
Security Best Practices
Short Expiry Time: Ensure that OTPs expire quickly, typically within 30 seconds to 5 minutes, to minimize the risk of unauthorized access.
Rate Limiting: Implement rate limiting to prevent brute-force attempts to guess the OTP.
Secure Transmission: Always use HTTPS to send OTPs to avoid interception by attackers.
Backup Options: Provide users with backup authentication methods, such as recovery codes, in case they cannot access their OTP.
7. Verify the OTP
After sending the OTP, prompt the user to enter the code they received.
Verify the entered OTP using the service provider’s API or through custom logic if using an open-source library.
8. Ensure Security
OTPs should be time-limited, typically expiring within 5 to 10 minutes.
Use secure channels (like encrypted SMS) to transmit OTPs.
Implement rate limiting to prevent brute force attacks.
4. Testing Your OTP Implementation
Test thoroughly across different devices and network conditions to ensure reliability.
Verify that OTPs are correctly sent, received, and validated.
Ensure that expired or incorrect OTPs trigger appropriate error messages.
5. Scaling Beyond Free Tiers
As your app or website grows, you might outgrow the free OTP tiers. Consider upgrading to a paid plan to accommodate more users.
Evaluate your options to balance cost with the reliability and features you need.
Conclusion
Implementing free OTP technology in your app or website is a straightforward process that enhances security without incurring significant costs. By following the steps outlined above, you can apply OTP technology effectively, ensuring your users’ accounts and data remain secure. Whether you use a service like Google Authenticator, Authy, or FreeOTP by Red Hat, the key is to integrate, test, and secure your OTP implementation properly.
dawnrena77 · 2 months
Twitter / Authorize an application
"Twitter / Authorize an application" https://api.x.com/oauth/authenticate?oauth_signature_method=HMAC-SHA1&oauth_signature=zKufSsJY%2BMKxX%2BLaalkD4KOYpTs%3D&oauth_token=9hnU0QAAAAAAAAsqAAABkPxlidE&oauth_callback=https%3A%2F%2Fdisqus.com%2F_ax%2Ftwitter%2Fcomplete%2F%3Fstate%3D21vqtni28l11l3%26evs%3DbmV0d29ya19kZWZhdWx0X2hpZGRlbjpmYWxsdGhyb3VnaDpkeW5hbWlj%26forum%3Dlilithmag&lang=en_US
kennak · 10 months
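Microsoft has released its monthly security updates for November. Exploitation has already been confirmed for three of the vulnerabilities. This update fixes vulnerabilities found in "Windows" and "Office" as well as "Microsoft Exchange Server", "Microsoft Dynamics", "Azure", "ASP.NET", ".NET Framework", "Visual Studio" and other products. It addresses 58 vulnerabilities on a CVE basis. By maximum severity, three vulnerabilities are rated "Critical", the highest of four levels, and 55 are rated "Important", the next highest. The impact differs by vulnerability, but 15 of them could allow remote code execution. The update also resolves 16 elevation-of-privilege vulnerabilities, 10 spoofing vulnerabilities, 6 information-disclosure vulnerabilities, 6 security feature bypasses and 5 denial-of-service vulnerabilities. Specifically, three are rated "Critical" in severity: "CVE-2023-36397", a remote code execution vulnerability in "Windows Pragmatic General Multicast (PGM)"; "CVE-2023-36400", an elevation-of-privilege vulnerability in "Windows HMAC Key Derivation"; and "CVE-2023-36052", which could allow "passwords" and other data to be obtained from log files in "Azure CLI REST commands".
[Security News] MS releases November monthly security patches - fixes multiple zero-day vulnerabilities (page 1 of 3): Security NEXT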