On 3/3/13 8:52 AM, cfo wrote:
On Sat, 02 Mar 2013 11:33:02 -0800, Jim Lux wrote:
I am interested in the timing behavior of my RSA fob, which changes
every 60 seconds. Since I'm not about to open it up and probe inside, I
was wondering if someone had a clever way, say using a USB web cam, to
log the changes over a 48 hour period. You'd point the web cam at the
fob, and it would log the time when the display changes Or one might
even be able to look at the blinking 1 pps indicator using a light and
photocell or something..
Isn't this "Just what the doctor ordered"
http://smallhacks.wordpress.com/2012/11/11/reading-codes-from-rsa-
secureid-token/
Yes, basically..
Of course, installing your token permanently (as shown in the article)
kind of defeats the purpose, since the idea of two factor authentication
is "something you know" (the PIN/password) and "something you *have*"
(the token). If you don't keep physical possession of the token, that's
a big problem.
In fact, the article is all about getting around having the human
there.. the PIN is entered by his software and his software reads the
token. So anyone who has access to his computer has access to his
identity. And I'll bet his computer is connected to the internet, so
that means *everyone* has access to whatever is secured by his token.
(after all he is doing it so he can get access to his work VPN).
Probably a good reason not to use NetArt Group s.r.o. in the Czech
republic (his employer) if you care about security.
I suppose, though, there are places that are more casual. After all,
there's that guy who outsourced his work to China and mailed the guy in
China his token.
_______________________________________________
time-nuts mailing list -- [email protected]
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
