@eingfoan nfc reader plugged through USB. No drivers required. Not coupled with physical access at the time.
I've heard of another manufacturing company deploying 3 technologies badges (#PKI through contact, contactless #Mifare for physical access, #fido2 enabled for future use)
@eingfoan did a POC with Neowave cards that went live afterwards. Main target population was warehouse workers on shared workstations. Worked like a charm 👌
https://neowave.fr/en/products/fido-range/badgeo-nfc-fido-2/
#fido #webauthn #pki #security #2fa #fido2 #nostick #contactless
The Missing Introduction of Active Directory Certification Services (https://blog.yuuta.moe/2023/08/15/adcs-intro/)
ADCS is a widely-used online CA, but many admins get lost due to its lack of docs.
How did I not know this existed? #CAA #DNS #PKI #TLA https://fosstodon.org/@letsencrypt@infosec.exchange/110458619053412653
@eniko @lori @glassbottommeg Considering the sheer unreliability of the #SSL #PKI for identity-verification, I don't think it makes much sense to pay for the big corpo certs for the majority of sites.
And even for them, without certain very specific #DNS security mechanisms that are barely used (some are also missing at the moment; cc @dalias) you just need one of those authorities co-opted by feds to completely break the system, which has been done before.
Survey results from @PonemonResearch show the urgent need for a data-driven approach to managing #machineidentities at scale. #cybersecurity #PKI #zerotrust https://venturebeat.com/security/managing-machine-identities-in-a-zero-trust-world/ #press
I just found a gap in my #crypto setup. Deploying all servers is fine until you get to the #PKI server itself, as it can not be trusted to authenticate itself.
I'm working on a solution now, but this one is tricky and interesting and I'm enjoying the challenge.
The solution will likely be published at some point.
RT @PeoplesForumNYC
❗️Did you know that the Indonesian Communist Party (#PKI) was the largest communist party outside of the Soviet Union and China, until the U.S. backed genocide in 1965?
🧵👇🏽A thread
TIL about how the ssh group was working on a replacement to x.509 pki and ca's that we're stuck with in large part because of the web. Maybe it's time for some fresh thinking about this with sold new and old ideas.
Next up in our #EverythingOpen Speaker Spotlight, we have Fraser Tweedale @hackuador talking #cryptography and #PKI, demonstrating #Kerberos #PKINIT as a password replacement:
This is one of these days when I really don't like being my own #CA.
I had to check how much of a mess my Bash script made with these metadata files #openssl produces. And was surprised when I saw nothing was broken. But obviously I found other "interesting" things in metadata.
Expired certs somewhere? Should I worry? This is not a critical service (yet?), but it's on the internet. Something should be done.
As I am my own CA *I* have to do something with this, even if it's evening/night and I am tired. I feel I don't have enough energy/mental capacity for this :blobCat_tear:
And for some reason when I looked at those metadata in file I felt... paralysed? Scared? Overwhelmed? It was strange and not pleasant.
Maaaaybe I wouldn't break anything if I try to do something...
#ca #OpenSSL #tls #pki #selfhosting
The Locksmith Active Directory (AD) Certificate Services (CS) remediation tool has been updated: https://github.com/TrimarcJake/Locksmith
New features:
- Support for Restricted Admin Mode. If RAM is detected, Locksmith will ask to be re-run using the -Credential switch.
- If the AD PowerShell module is not installed on Win 10/11, Locksmith will attempt to install it for you. Note: previously only available on server-class OSes.
- New functions for checking user type and elevation status.
- Auto-generated snippets for ownership issues (a subset of ESC4/ESC5).
- Support for non-English Active Directory environments!
Next planned updates:
- Add individual CA Hosts to $SafeUsers using SIDs.
- Perform additional environment checks before attempting to run.
- Rename modes to something that makes sense.
#IAM #IdentitySecurity #CertificateServices #ActiveDirectory #ActiveDirectoryCertificateServices #ADCS #PKI #Locksmith #OpenSource #DefensiveSecurity #DefensiveSecurityTooling #Pizza
https://l33t.codes/2023/02/22/Have-My-Salt-And-My-Iterations-Too/ An attempt to explain things with less lingo and with some examples.
#crypto #cryptography #ecdsa #pki #somethingsomethingsec
InfoSec people can punch me if you like.
Mike Ounsworth from Entrust will give an overview of @ietf progress at integrating Post-Quantum Cryptography into common Internet #protocols at the #PQC Conference of the @pkic
Registration: https://lnkd.in/ecYSd9cN
Agenda and more info: https://lnkd.in/eQx7STfA
#security #postquantumcryptography #pki #pqc #ssh #ipsec #tls #ssl #dnssec #dane #saml #imaps #pops #smtps #webdav #vpn #irc #xmpp
@SpaceLifeForm There's exactly no reason why the kind of parties with access with "legitimate" root certificate spoofing authority wouldn't just apply the same thing at national internet exchanges (rather than just nobody Tor exits).
Such fake certificates wouldn't require any exceptions from the browser to keep working & have transparent #MITM either.
So it seems doubtful to me that's what's at work.