On Fri, 2014-10-24 at 14:32 -0700, Keith Lofstrom wrote: > On Fri, Oct 24, 2014 at 11:36:37AM -0700, [email protected] wrote: > > I am considering doing a talk on two factor authentication using hardware > > tokens as a talk for PLUG. > > > > Are people interested in that? Should I gear this for Advanced Topics or a > > regular meeting? > > Advanced Topics, please. > > I am particularly interested in the thinking that goes into > identifying and correcting weaknesses, even after the hardware is > deployed. And the social engineering that must be done on management > to convince them that by the time a vulnerability emerges in the > wild, it can be way too late to protect the public. Or protect > the corporation that sold the devices from bankrupting lawsuits. > > I am in the middle of such a problem right now.
That sounds like a different talk. There are disclosure rules for vulnerabilities that cover this sort of thing. I can do that talk at a later date. After getting both of the hardware devices, the talk may be for a general audience. These are starting to be used for all sorts of general purpose web sites. Might even be used on facebook at this point. (I don't use it, but I might set up a bogus account to test this.) I will know more the farther I get into the project. _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
