Thread replies: 43
Thread images: 1
Thread images: 1
File: 800px-SecureID_token_new.jpg (45KB, 800x600px) Image search:
[Google]
45KB, 800x600px
I found one of these. What can I do with it?
>>
You can do as much as your limited Intelligence will allow you.
>>
report yourself to the nearest homeland security offices and admit your thought-crimes immediately.
>>
only one thing you can do with it op
up the bumhole it goes
>>
>>927620
It says what to do with it on the back.
>>
>>927620
well, someone's going to lose a good chuck on their paycheck for losing one of those.
>>
Portable random number generator
>>
>>927620
It makes psudo-random numbers used for computer security systems.
There's a login name, password and the number that thing spits out. Each of those devices is tied to the login name. The user can't log in without getting a number from that thing and can't use anyone elses device to get a number. Each number can only be used once.
This makes it very difficult to log in under someone elses ID, and makes stealing IDs very difficult.
>>
>>927659
Precisely. By itself, useless unless you need a "random" number generator. However, someone is pissed that they lost it. If it has return instructions or owner info, don't be a dick. Return it. Hell, maybe even contact RSA and see if they want it back.
>>
>>927645
Why? they're inexpensive and take minutes to replace with a call to the tech support line to the company's IT team.
My last company used them. They're something like $10, next day shipped to an employee, and it took a total of about 30 man minutes to line up.
Whoever lost it is kinda locked out from their VPN for a couple days.
>>
Hey, hey, I use one of those to work from home
Trust me, they are absolutely worthless to those who don't know who they belong to.
>>
>>927645
Where I'm from its illegal to dock wages for losing or damaging equipment. You can absolutely lose your job for it, which in practice is the same as what you said. No moneys
>>
>>927620
I found one of those a couple of years ago too, I just threw it after a while didn't know where to return it I think the battery died too.
>>
Invent some kind of drunken betting game to hustle/siphon your friends. Pay 3:1 odds if they can guess within 10 numbers of what the last two digits are on the next change. Offer 5:1 if they double down. The 1 minute cycle will keep things popping and not give them time to think.
>>
>>927769
And oh yeah.
Phase III = profit
>>
Why don't you take it apart and UART
>>
>>927620
My company replaced all of them a few years ago due to some flaw so I have a spare floating around.
I have yet to find a use. It effectively a two factor auth hard token. I have no idea how it could be attached to any other services though. I would love to use the spare one for Google or something.
>>
>>927769
Get them to bet if the last digits are the same
2:1 for XX
3:1 for XXX
Call it something fun like "Hey, Paul!'
Call it
>>
That is a key generator for a domain registry generates a new code every 30 secs I believe
>>
>>927769
Best idea here. There's no way to use it for your own authentication unless you get the private key that corresponds to it.
>>
So someone correct me
it's kinda like frequency hopping on radios for security, and operates on an internal clock that is in sync with the server, and every n seconds it generates a new code based on the current time.
the user inputs the code during this time and the server confirms because it has the same clock timing
is this the deal here?
>>
>>930821
More or less.
https://en.wikipedia.org/wiki/RSA_SecurID
>>
>>930837
yeah I thought so, it's the same concept we use in military radios.
I know for a fact losing a radio is a fucking big deal, especially for NATO countries, as they sync their signalling gear, so one lost radio by a British marine in kenya means us chumps sitting in the solomon islands need to re-erf our radios and reset the clocks incase the baddies get a hold of the radio clocks, ostensibly.
it's the most retarded thing ever
so you COULD get the server clock rate from this dongle or whatever you call it.
not that that would be any good without user/password
and reading internal memos from your local building supply chain or other pointless company is a waste of time
>>
>>
>>930840
Losing these keychains isn't going to be a big deal.
I think I mentioned previously that my company issued everyone new ones because the old ones were faulty. The old was basically just went in the trash.
We use them to to log I to some systems remotely and they are all different and tied to a user via the serial number on the back.
You also have to type your own static code set up when you set the dongle up not just the numbers on the screen.
It's the same as any other two factor auth. You could probably order something like it on amazon. You can even download an app version for any phone.
>>
>>930785
That really is the only use for this thing.
And be sure to get it while it lasts. Check the embossed text on the back, it will have an expiration date. It self destruction on that date (it blanks the display, nothing interesting. Sorry Abu)
>>
>>927769
straight thug outta compton
In case anyone cares, this is how passwords will be phased out in the next few years
Everyone will have an app on their phone that generates random numbers. It will be used, in connection with username, to log into all accounts and whatnot
>>
>>931415
You will still need a password. It's two-factor authentication, not different-factor authentication.
>>
>>931415
This technology has been around for over 13 years.
Passwords and dumbass password policies are still around because it's too difficult to code it correctly and every asshole with a web development certificate thinks he's a goddamn security expert.
It's not gonna phase out until google/Microsoft/apple make it idiot proof to do seamlessly in the background of the phone. The app will just ask the phone 'is the user highly authenticated? Okay.'
>>
>>927620
show us the serial number on the backside
>>
>>931415
Not if google has anything to say about it. They want to use your biometric data in order to log you in. Not just fingerprints, but how you walk, your voice and your location when you log in will all be considered before allowing you access into the system.
>>
>>927727
Actually losing your job hurts the company because they have to hire someone else. The other way would only provide benefit to the company.
>>
>>931536
If someone wrecks a a couple $10000 machines it would be much cheaper to replace the employee.
>>
>>931577
Yeah, but we're talking about a keychain.
>>
>>931419
Rsa is two factor.
You have a password memorized that you put in before or after the rsa id, depending on policy.
I hate the fucking numb nuts in security/it though goddamn.
>tablet sign in
>intranet sign in
>rsa signin w/rsa salt.
>I am in posession of an authorized >passwords expire every two months
Fffuck you it motherfuckers. this isn't the goddamn kremlin.
>>
>>931584
I assumed you were speaking generally because anyone that gets fired over a keychain had a boss who was looking for a reason already.
>>
>>931664
>I hate the fucking numb nuts in security/it though goddamn.
>>tablet sign in
>>intranet sign in
>>rsa signin w/rsa salt.
>>I am in posession of an authorized >passwords expire every two months
Security expert here... Retarded users bring this on themselves.
>give a user a spare access card. User doesn't report the loss of the first one. They wait until both are lost and they are inconvenienced. Meanwhile access cards are floating around out the, active.
>lose phone or laptop on train
>allow hethen spawn to fuck around on the Web using their work laptop.
>email confidential documents to their AOL email address so they can "here from home" and not be bothered with carrying a laptop.
>passwords on the post-it note under the keyboard.
>>930891
This is accurate. There are options for setting up an RSA system that will use only the token code and not require a PIN or password. But what would be the point? Only retarded end users would set it up like that.
I'm seeing a lot of companies dumping the RSA tokens and instead using one of the services that sms a code to your phone. No app needed, no extra dongle, no whiney bitches complaining fashion trumps security and therefore they don't have pockets so they leave their RSA token next to their keyboard.
>>
>>932526
>I listened to yet another conference presenter complaining about security awareness training. He was talking about the difficulty of getting employees at his company to actually follow his security policies: encrypting data on memory sticks, not sharing passwords, not logging in from untrusted wireless networks. "We have to make people understand the risks," he said.
>It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren't serious.
>Given this accurate risk analysis, any rational employee will regularly circumvent security to get his or her job done. *That's what the company rewards, and that's what the company actually wants.*
-- Bruce Schneier
>>
>>932526
There is no godda.n excuse for needing 4 authentication factors that need to be replaced with braindead password olicies every two months.
Fuuuck youuuuu. You don't actually know fucking anything you goddamn shit eater. Everyone in the company wants to beat the shit out of you. You can't design a UI for shit goddamn haaaaaaa fucking fuuckkk you.
>>
>>932549
It could be worse.
I know our systems work with a global log in system, a lot of internal systems use it.
But they don't all use it. So I have like 10 passwords with different schema requirements, some of which expire more frequently than I even use the particular web site.
I have one now that has been giving me emails daily telling me "Your password will expire in -30 days because it expired 30 days ago. The email doesn't even tell how to change or reset the password. It's the most retarded thing ever.
>>
>>927727
wage theft, at least in america, is common, paying for clothing they require you to use, and sure you could go to court, but its 10-20$ and legal fees are a hell of alot more making it not worth it. but losing or damaging company property, outside of normal wear and tear is either grounds to be fired or docked pay, largely dependant on how much you are worth to the company.
>>
>>931577
friend is a machinist, i think the most expensive thing he fucked up was 50 grand.
a few of the things he made were fucked up but that was due to the person who ordered it fucking up on their end.
>>
>>929065
same here, id be willing to pay 10-20$ for a key like this, even across multiple accounts...
now there is an idea for a business.
Thread posts: 43
Thread images: 1
Thread images: 1