A Yubikey token looks like 'ficrtvulktgnerhddigbhcudufurijghfcckvchhjfli'; it is in modhex (16 chars picked for being the same across charsets) and contains the following:
1) A public ID to identify the key
2) AES128 encrypted 128 bits containing the following:
a. Secret ID
b. Insertion counter (how many times it's been plugged into a computer)
c. Token counter (within one insertion)
d. Timestamp (A counter counting the time since the token was inserted into the computer)
e. Random number
f. Checksum of the above
Their website has full specifications and documentation.
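As an added example (not part of the comment above or of Yubico's own code), here is a decoder for the OTP structure the comment lists: modhex decoding, splitting off the public ID, CRC checking, field extraction and a counter-based replay check. The 16-byte token layout (uid[6], usage counter, 24-bit timestamp, session-use counter, random, CRC, all little-endian) and the CRC residual 0xF0B8 follow Yubico's published format; the function names, the `lookup`/`decrypt` callbacks and the `state` dict are this example's own. AES-128 decryption of the block is left to a caller-supplied `decrypt(key, block)` (for instance pycryptodome's ECB mode); `demo()` substitutes a constructed XOR stand-in so everything runs offline, and reuses the public ID from the token quoted in the comment.

```python
import struct

MODHEX = "cbdefghijklnrtuv"                       # modhex digit i <-> hex digit i
_MODHEX_VAL = {ch: i for i, ch in enumerate(MODHEX)}
CRC_OK_RESIDUAL = 0xF0B8                          # crc16 over a good 16-byte token
# 16-byte token layout, little-endian: uid[6], ctr, tstpl, tstph, use, rnd, crc
TOKEN = struct.Struct("<6sHHBBHH")


def modhex_decode(s: str) -> bytes:
    if len(s) % 2 or any(ch not in _MODHEX_VAL for ch in s):
        raise ValueError("not a modhex string")
    return bytes(_MODHEX_VAL[s[i]] << 4 | _MODHEX_VAL[s[i + 1]]
                 for i in range(0, len(s), 2))


def modhex_encode(b: bytes) -> str:
    return "".join(MODHEX[x >> 4] + MODHEX[x & 0xF] for x in b)


def split_otp(otp: str):
    """OTP = public ID (modhex) followed by 32 modhex chars (16 AES-encrypted bytes)."""
    otp = otp.strip().lower()
    if not 32 <= len(otp) <= 48:
        raise ValueError("bad OTP length")
    return modhex_decode(otp[:-32]), modhex_decode(otp[-32:])


def crc16(data: bytes) -> int:
    """CRC-16 used by YubiKey (ISO 13239, same as the PPP FCS): init 0xFFFF, poly 0x8408."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def parse_token(plain: bytes) -> dict:
    """Split a decrypted 16-byte token into its fields after checking the CRC."""
    if len(plain) != 16:
        raise ValueError("token must be 16 bytes")
    if crc16(plain) != CRC_OK_RESIDUAL:
        raise ValueError("CRC mismatch: wrong AES key or corrupted OTP")
    uid, ctr, tstpl, tstph, use, rnd, _crc = TOKEN.unpack(plain)
    return {"uid": uid.hex(), "counter": ctr, "use": use,
            "timestamp": tstph << 16 | tstpl, "random": rnd}


def build_token(uid: bytes, ctr: int, use: int, timestamp: int, rnd: int) -> bytes:
    """Assemble a plaintext token as the device does: CRC of the first 14 bytes, inverted, LE."""
    body = TOKEN.pack(uid, ctr, timestamp & 0xFFFF, timestamp >> 16, use, rnd, 0)[:14]
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)


def verify_otp(otp: str, lookup, decrypt, state: dict) -> dict:
    """lookup(public_id_hex) -> (aes_key, enrolled_uid_hex); decrypt(key, block) -> 16 bytes.
    state maps public_id_hex -> (counter, use) of the last accepted OTP for that key."""
    public_id, block = split_otp(otp)
    pid = public_id.hex()
    key, enrolled_uid = lookup(pid)
    fields = parse_token(decrypt(key, block))
    if fields["uid"] != enrolled_uid:
        raise ValueError("secret ID does not match the enrolled key")
    # Replay: (insertion counter, use counter) must move strictly forward.
    if (fields["counter"], fields["use"]) <= state.get(pid, (-1, -1)):
        raise ValueError("replayed or out-of-order OTP")
    state[pid] = (fields["counter"], fields["use"])
    fields["public_id"] = pid
    return fields


def demo() -> dict:
    """Run the pipeline offline. XOR with the key is a constructed stand-in, NOT AES."""
    key = bytes(range(16))                        # constructed device key
    uid = bytes.fromhex("0102030405aa")           # constructed secret ID
    xor = lambda k, block: bytes(a ^ b for a, b in zip(k, block))
    lookup = lambda pid: (key, uid.hex())
    public = "ficrtvulktgn"                       # public ID of the token quoted above
    state = {}

    def otp(ctr, use, ts, rnd):
        return public + modhex_encode(xor(key, build_token(uid, ctr, use, ts, rnd)))

    first = verify_otp(otp(3, 1, 0x12345, 0xBEEF), lookup, xor, state)
    try:                                          # same counters again: must be rejected
        verify_otp(otp(3, 1, 0x12345, 0xBEEF), lookup, xor, state)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    second = verify_otp(otp(4, 0, 0x10, 0x1234), lookup, xor, state)   # next insertion
    return {"first": first, "replay_rejected": replay_rejected, "second": second}
```

A validation server does the key lookup by public ID, decrypts with that key's AES-128 secret, and only then trusts the CRC and counters; the CRC also tells it whether the wrong key was used, since a bad key yields random bytes that fail the residual check.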
Suppose, instead, the printer created a random self-signed certificate on first boot and the printer driver asked the user on a certificate change 'printer xyz appears to have changed its fingerprint, did you perform a factory reset?' (and when adding a new printer, just saved the certificate from the new printer on first use).
The above change would change the snake oil to some meaningful level of security (not 100%, but most likely the first setup isn't going to be MiTM'ed). Additionally, if TLS isn't using forward secrecy then a certificate shared across all devices allows anyone to decrypt logged traffic to/from any of these devices by extracting the key from the manufacturer-provided firmware image rather than having to hack it out of the physical device itself.
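The trust-on-first-use policy proposed in the comment above, as an added example (not the commenter's code and not any driver's): a store that pins a printer's certificate fingerprint on first contact, accepts it silently while it stays the same, and on a change asks the user whether they performed a factory reset before re-pinning. The class, the `confirm_reset` callback and the `to_json`/`from_json` helpers are this example's own; the certificate bytes in `demo()` are constructed placeholders, not real DER. In a driver the DER would come from the live connection, e.g. `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import hashlib
import json


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding, the usual form of a certificate fingerprint."""
    return hashlib.sha256(cert_der).hexdigest()


class PrinterTrustStore:
    """Trust on first use: printer name -> fingerprint of the self-signed cert seen first."""

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    def check(self, printer: str, cert_der: bytes, confirm_reset) -> str:
        """Returns 'pinned', 'ok', 'repinned' or 'rejected'.
        confirm_reset(printer, old_fp, new_fp) -> bool asks the user the
        'did you perform a factory reset?' question and is only called on a change."""
        fp = fingerprint(cert_der)
        pinned = self.pins.get(printer)
        if pinned is None:                 # new printer: remember it, no question asked
            self.pins[printer] = fp
            return "pinned"
        if pinned == fp:                   # same certificate as before
            return "ok"
        if confirm_reset(printer, pinned, fp):   # user says the printer was reset
            self.pins[printer] = fp
            return "repinned"
        return "rejected"                  # possible MiTM or a swapped device: refuse to print

    def to_json(self) -> str:
        return json.dumps(self.pins, sort_keys=True)

    @classmethod
    def from_json(cls, text: str) -> "PrinterTrustStore":
        return cls(json.loads(text))


def demo() -> list:
    """Walk through the four outcomes with constructed certificate bytes (not real DER)."""
    cert_a = b"constructed-self-signed-cert-A"
    cert_b = b"constructed-self-signed-cert-B"
    store = PrinterTrustStore()
    results = [store.check("printer xyz", cert_a, lambda *a: False)]   # first use
    results.append(store.check("printer xyz", cert_a, lambda *a: False))  # unchanged
    results.append(store.check("printer xyz", cert_b, lambda *a: False))  # changed, user says no
    results.append(store.check("printer xyz", cert_b, lambda *a: True))   # changed, user confirms reset
    store = PrinterTrustStore.from_json(store.to_json())                  # survives a restart
    results.append(store.check("printer xyz", cert_b, lambda *a: False))  # new pin is now trusted
    return results
```

The only question ever shown to the user is the one on a fingerprint change; the first contact is trusted silently, which is exactly the window the comment concedes is unlikely to be attacked.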
Looking at the Google Play textbook store (because it's easy to look at and ebook prices seem the same across sources in my experience), they are between $40-$50 each, and then couldn't be transferred between devices (e.g. students) if they are given rather than loaned the iPad (the article uses the term 'given'); again, this could be changed with a special contract.
If additional verification of identity is required then a password would be much safer behind a certificate (as an attacker trying passwords would need the users certificate and could easily be rate limited by account).
That being the case, there is little reason to use public IPs for them at all (since the entire range would have to be completely firewalled off), so using fe* or 10.* IPs doesn't really matter all that much and allows for somewhat easier auditing of the security situation.
Not a really great use, but it's better than no use. I'd expect most offices would nix the idea of having assorted light colors throughout the cube farm as being unclean and disable the feature, leaving no use for all but some of the offices.
Chewing gum stuffed into the USB port is likely the most common and hardest to solve problem there. I presume they would have designed the contacts to be resistant to chemicals that dissolve gum to allow cleaning, but still not going to be pretty.
Other than that, it's a big metal box; assuming the solar panel is covered in suitably tough plexiglass, I don't see too much in the way of likely damage (but I'm not a vandal, and vandals likely have more experience in how to cause problems that aren't easy to fix).
Russia wants similar ground stations set up in the US for their GLONASS system, which I think is fair (and good for users of navigation systems, if not for the US military which would like to be able to turn off Russia's navigation systems).
When enabled, the client will sign (using its client cert, generally with a site-specific, internally managed CA) all the communications after the key negotiation finishes, so if there is a middle-man that modified the certificate/keys, the server will see the client's signature of the communications as incorrect (as the client and server wouldn't agree on what the communications were), even if the user overrides the SSL certificate warning or an attacker (or employer, or user, or vendor) adds a fake/compromised CA to the trust store.
Doesn't work for sites without a support team to work with users and investigate failures, or in cases where the internal CA is compromised, but for the highest of security needs it's more effective than using Flash.
The price of the keys, however, is indeed unacceptable.
So, if the intent of work is to torture people with work then it might be effective, though afaik said people wouldn't likely get any more accomplished per earth-year than anyone else. Perhaps they would waste less time thinking that more wasted time has passed being wasted, or something of that nature depending on what it covers.