One would hope that verification codes would be extremely random. More randomness makes it harder for a malicious entity (person or computer) to guess the code. Less randomness makes it easier. With all the Two-Factor Authentication (2FA) out there, we hope there is enough randomness in these methods to make them unguessable by someone attempting to… Continue reading Verification Codes
Tag: authentication
OpenSSL Handshake
One of the questions we ask our clients initiating an engagement to help them setup external authentication from our LMS to their server is, “What is the certificate authority for your SSL certificate?” We have been burned by people purchasing certificates from authorities Java does not support. (And the support is indeed limited compared to say,… Continue reading OpenSSL Handshake
Email Harvesters
I missed the story about brothers convicted of harvesting emails the first time. Well, I noticed a followup. Back around 2001, the CIO received complaints about performance for the web server. So, I went log trolling to see what the web server was doing. A single IP dominated the HTTP requests. This one IP passed… Continue reading Email Harvesters
LMS Security
This morning there was a flurry of effort to locate an article called “Hacking WebCT.” My coworker was able to locate it. We were disappointed. The main points of the article were: Lazy administrators make compromising user accounts easy. Lazy instructors make getting questions for assessments easy. These apply to any LMS. So, here is some… Continue reading LMS Security
Tale of Defeating the Crazy Woman
Babies are fascinated by me. When the two of us are in a room, they often find me the most interesting thing in the room. Usually, it is mutual. So, a mutual friend of a friend, Mojan has a fantastic blog. The past year or so has been about being pregnant and most recently figuring… Continue reading Tale of Defeating the Crazy Woman