The WiKID Blog | WiKID Systems
http://www.wikidsystems.com/blog/
2015-08-25T17:34:00+00:00
The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

How to Increase the Likelihood that your Security Risk Recommendations are accepted
2015-08-25T17:34:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/how-to-increase-the-likelihood-that-your-security-risk-recommendations-are-accepted/
<p>Via <a class="external-link" href="https://twitter.com/adamshostack/status/636196680770043904" target="_self" title="">@adamshostack</a> came this post by <a class="external-link" href="https://twitter.com/lennyzeltser" target="_self" title="">@lennyzeltser</a> <a class="external-link" href="https://zeltser.com/business-managers-ignore-security-recommendations/" target="_self" title="">Why Business Managers Ignore IT Security Risk Recommendations.</a></p>
<p>It is a tremendous list of excellent content. I will turn this around slightly and discuss some thoughts on how to increase the likelihood that your security risk recommendations are accepted. In many ways this comes down to one question: does your management trust you to invest capital wisely? And not just in absolute terms, but relative to others in your organization. They are looking at a number of projects that require time and money across a broader view of the organization than just your department. It is their job to optimize the outcomes for the organization. How can you build the case that you're to be trusted over another manager? </p>
<p>Here is what I would look for:</p>
<p>1. Display that you have optimized for cost reduction already. Moving SSH off port 22 is a great example of this. It may not increase security, but it greatly reduces logs and thus optimizes the resources needed to manage and review logs. Standardized configurations may be another, depending on your organization. Demonstrate you can manage OpEx.</p>
<p>2. Show that you have optimized the use of your existing security infrastructure. The best example of this is <a class="internal-link" href="https://www.wikidsystems.com/WiKIDBlog/the-two-things-that-actually-work-in-information-security-and-how-to-deploy-them" target="_self" title="">the two things that are proven effective in infosec</a>: two-factor authentication and VPNs. Do your critical accounts use two-factor authentication for access? What about vendors? Is your firewall filtering mail attachments? Show you can manage CapEx. </p>
<p>3. Max out the use of free and open source tools. There are a lot of these in infosec and many can do all that you need. But oftentimes not. This shows that you are aware of what's available and making informed decisions. For example: You have been using a free web-app scanner, but with the increased importance of the ecommerce site, a professional evaluation is warranted. This reduces the risk that you are paying an expert to find the easy problems and not the hard-to-find issues. Show you know how to use money wisely.</p>
<p>4. Know your capabilities. Most organizations cannot handle the bleeding edge. Trying to deploy a shiny new all-encompassing system that watches what all the users do everywhere will tax your resources and potentially fail big time. You need wins to maintain your credibility. Optimize for success. </p>
<p>To me this is just the infosec version of "Start where you are, with what you have" attributed to Teddy Roosevelt and Arthur Ashe. Corporations are just capital management organizations. The better the return on capital, the happier the shareholders, management etc. Your ability to consistently deliver projects on time and on budget will build your credibility. You should start with the basics. </p>
<p>(Note that I have not included any financial models on how to prove the value of your project. Maybe for another day. Or never.)</p>

VPN services leak info via IPv6
2015-07-08T21:33:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/vpn-services-leak-info-via-ipv6/
<p>Earlier this year, we released a set of packer scripts that allow you to easily build a <a class="internal-link" href="https://www.wikidsystems.com/support/wikid-support-center/tutorials/build-a-2fa-ready-openvpn-community-virtual-appliance" target="_self" title="">two-factor ready OpenVPN virtual appliance</a>. We have updated the scripts to turn off IPv6 because it seems that VPN services using <a class="external-link" href="http://www.theregister.co.uk/2015/06/30/worlds_best_vpns_fall_flat_in_security_tests/" target="_self" title="">OpenVPN can leak information via IPv6</a>. (This was surely the easy fix. There may be better ones.)</p>
<p>I continue to believe that companies and organizations will need to deliver not just software but configurations. This update to our packer scripts shows how updates can be added and maintained over time. Eventually, IaaS providers like Amazon, Google, Digital Ocean, etc. will make it easy to pull containers from services like Docker Hub and launch these configured containers for users. It will be as easy to launch such a container configured to your needs as it is to use a VPN service - or any SaaS service. </p>

Bridging Gunnar Gaps to create virtual circles
2015-06-19T15:48:18+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/bridging-gunnar-gaps-to-create-virtual-circles/
<p>If you haven't read Gunnar Peterson's post <a class="external-link" href="http://1raindrop.typepad.com/1_raindrop/2015/04/security-fast-and-security-slow.html" target="_self" title="">Security, Fast and Slow</a>, please do so now. It is about how Security's natural tendencies grate against the natural tendencies of Development. Security needs to adapt, making it easier for Development to make the right decisions, to bridge such gaps. I now call these "Gunnar Gaps". </p>
<p>As a security vendor, I wonder what we do that might create or hopefully bridge such gaps. The best thing I think we do for developers is have easily downloadable API code examples that are LGPL-licensed. This means that a developer can quickly set up a WiKID server in a lab and integrate our API into their code base without talking to a sales person or worrying about licensing (LGPL allows you to use the code in a commercial application without releasing the code as open source). </p>
<p><a class="external-link" href="https://twitter.com/joshcorman" target="_self" title="">Josh Corman</a> hit on this same idea:</p>
<p><a class="external-link" href="https://twitter.com/joshcorman/status/606447781927092225" target="_self" title=""><img alt="devops for vendors" class="image-inline" height="185" src="https://www.wikidsystems.com/static/media/uploads/images/WiKIDBlog/.thumbnails/joshcormandevopsvendors.jpg/joshcormandevopsvendors-503x185.jpg" title="devops for vendors" width="503"/></a></p>
<p>Devs don't want paywalls, sales people, web forms that require email addresses, etc. when working on projects. That's pure friction and gap-creation. </p>
<p>Devs like well documented code. And the best documentation is examples. We actually like providing example code that developers can cut and paste. It allows them to focus on exactly the functionality they need and it creates a much tighter feedback loop to us. So, bridging the gap to developers works both ways and makes our product better too.</p>

WiKID Strong Authentication Community Edition on the Amazon Cloud
2011-05-31T15:17:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/wikid-strong-authentication-community-edition-on-the-amazon-cloud/
<p>We have created a public AMI version of the WiKID Strong Authentication System for Amazon's EC2 cloud offering. While it is quite simple to install WiKID on a Red Hat or Ubuntu Linux AMI, we hope that this will make it even easier for people to learn about two-factor authentication. </p>
<p>In particular, we hope that developers working on cloud-based systems will take a look at our wAuth API and the <a class="internal-link" href="http://www.wikidsystems.com/downloads/api-network-client-packages/" title="API & Network Client Packages">code packages we have available for it</a> (Python, Java, PHP, Ruby, C#) and will add two-factor authentication to cloud-based services. </p>
<p>We've considered putting an Enterprise Version (see <a class="internal-link" href="http://www.wikidsystems.com/community-edition/" title="What's the difference between the Community release and Enterprise release?">the differences here</a>) up there too, but apparently we would have to accept payment through DevPay and we haven't figured it out yet. If there is interest, we will.</p>
<p>To get the AMI, just search for WiKID in the AMI console! </p>

2-factor for Ubuntu just got easier
2011-05-10T15:10:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/2-factor-for-ubuntu-just-got-easier/
<p>It's been busy around here. Today we finally released our WiKID Strong Authentication server .debs for Ubuntu. These packages have the same functionality as the RPMs, except that we don't currently have replication working (another story altogether).</p>
<p>The Enterprise Ubuntu <a class="internal-link" href="http://www.wikidsystems.com/downloads/wikid-strong-authentication-system-enterprise/" title="Download the WiKID Enterprise Server 3.4 Packages">.debs are available here</a>. The open-source Community version is available on our <a class="external-link" href="https://sourceforge.net/projects/wikid-twofactor/files/WiKID_Server/3.4/">sourceforge.net site</a>.</p>
<p>Please see <a class="internal-link" href="http://www.wikidsystems.com/support/faq/whats-the-difference-between-the-community-release-and-enterprise-release/" title="What's the difference between the Community release and Enterprise release?">this page for the differences</a> between the Enterprise and Community versions.</p>
<p>Additionally, we have simplified the installation of the server on both <a class="external-link" href="http://www.redhat.com">RedHat</a> and <a class="external-link" href="http://www.ubuntu.com/">Ubuntu</a> flavors. Functionally, we have fine-tuned the types of tokens that a server will support. Enterprise domains can be All token types, Locked tokens only, Wireless Only, or Wireless and Locked tokens.</p>
<p>We're excited to support the growing <a class="external-link" href="http://www.ubuntu.com/">Ubuntu</a> community. As always, we expect there will be some issues. Please feel free to contact us on #wikid on freenode or on the <a class="internal-link" href="http://www.wikidsystems.com/support/wikid-forums/" title="WiKID Strong Authentication Forums">support forums</a>.</p>

Traditional two-factor authentication is dead.
2010-10-13T16:30:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/traditional-two-factor-authentication-is-dead/
<p>At <a class="external-link" href="http://www.securitybsides.org/BSidesAtlanta">BSides Atlanta</a> last week, Eric Smith (@infosecmafia) and Dave Kennedy (<a class="external-link" href="http://www.twitter.com/dave_rel1k">@dave_rel1k</a>) demonstrated a real-time attack against a Juniper SSL-VPN that bypasses the authentication method used, including time-bound one-time passcodes. (Dave's post on "<a class="external-link" href="http://www.secmaniac.com/october-2010/traditional-penetration-testing-is-dead-bsides-atlanta/">Traditional Penetration Testing is DEAD</a>" on their BSidesAtlanta talk inspired my title. ;)</p>
<p>This type of attack against SSL and DNS has been predicted for some time, taking advantage of users' willingness to accept any SSL certificate. Kudos to Eric and Dave for showing how this type of attack combined with a strategically aimed penetration test can really wreak havoc on an enterprise.</p>
<p>It's quite easy to perform a MiTM attack these days with malware, a rogue WiFi AP or a DNS cache poisoning. It is a serious concern and worth addressing.</p>
<p>The good news is that we have addressed it. WiKID has long supported a system of <a class="internal-link" href="http://www.wikidsystems.com/learn-more/technology-architecture/wikid-mutual-authentication/" title="WiKID Mutual Authentication">mutual https authentication</a> that validates the SSL certificate for the end user before they are presented the one-time passcode, in both the open-source Community Edition and the Enterprise Edition. The token will attempt to match a hash of the targeted site's certificate with one retrieved from the WiKID Strong Authentication Server. If they match, the OTP is presented and the browser is launched to the URL. If they do not match, an error message is presented.</p>
<p>I made a quick screencast demonstration to show how this works. Enjoy!</p>
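<p>The certificate-hash check described above, sketched as an added example (this is not WiKID's code). The hash algorithm (SHA-256 over the DER certificate), the <code>SiteRegistry</code> class, the sample URL and the random six-digit passcode are all assumptions made for illustration.</p>

```python
"""Added example: release an OTP only when the site's certificate hash matches.

Assumptions (not from the post): SHA-256 over the DER-encoded certificate,
the SiteRegistry class, and a random 6-digit stand-in for the real passcode.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


def cert_hash(cert_der: bytes) -> str:
    """Hex SHA-256 of a DER-encoded certificate (the hash choice is assumed)."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class SiteRegistry:
    """Hypothetical stand-in for the hashes held by the authentication server."""
    hashes: Dict[str, str] = field(default_factory=dict)

    def register(self, url: str, cert_der: bytes) -> None:
        self.hashes[url] = cert_hash(cert_der)

    def expected_hash(self, url: str) -> Optional[str]:
        return self.hashes.get(url)


@dataclass
class TokenResponse:
    otp: Optional[str]         # shown to the user only on a match
    launch_url: Optional[str]  # URL the browser is launched to on a match
    error: Optional[str]       # message shown instead of a passcode


def request_otp(url: str, presented_cert_der: bytes,
                registry: SiteRegistry) -> TokenResponse:
    """Compare the presented certificate with the registered hash before
    any passcode is shown, so a user behind an interceptor gets an error
    rather than a passcode to type into the wrong site."""
    expected = registry.expected_hash(url)
    if expected is None:
        return TokenResponse(None, None,
                             f"no certificate hash registered for {url}")
    # In live use the DER bytes would come from the TLS connection itself,
    # e.g. ssl.SSLSocket.getpeercert(binary_form=True).
    presented = cert_hash(presented_cert_der)
    if not hmac.compare_digest(presented, expected):
        return TokenResponse(None, None,
                             f"certificate hash mismatch for {url}")
    otp = f"{secrets.randbelow(10**6):06d}"  # stand-in passcode
    return TokenResponse(otp, url, None)


# Constructed sample data: placeholder bytes standing in for DER certificates.
SITE_URL = "https://vpn.example.com/"
GENUINE_CERT = b"constructed-der-bytes:genuine-vpn-certificate"
INTERCEPTOR_CERT = b"constructed-der-bytes:certificate-seen-through-a-mitm"

REGISTRY = SiteRegistry()
REGISTRY.register(SITE_URL, GENUINE_CERT)

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT),
                        ("intercepted", INTERCEPTOR_CERT)):
        result = request_otp(SITE_URL, cert, REGISTRY)
        print(label, "->", "OTP released" if result.otp else result.error)
```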

Southeast Linux Fest review
2010-06-14T14:46:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/southeast-linux-fest-review/
<p>The Southeast Linux Fest was a great show. The organizers did a fantastic job. They were quite adept at hacking some fixes together to cover shortfalls such as writing up schedule signs for each room. </p>
<p>The morning keynote from Jono Bacon of Ubuntu was quite interesting. They are promoting development tools that will allow you to quickly "get to the fun", that is, to focus on writing code and not on packaging, version control, etc. The keystone of this effort is <a class="external-link" href="http://arstechnica.com/open-source/news/2009/08/quickly-new-rails-like-rapid-development-tools-for-ubuntu.ars">Quickly, a rapid development tool</a> and <a class="external-link" href="http://www.ubuntu.com/news/launchpad-ppa">Personal Package Archives</a>, which are basically a programmer's own repository. I love this strategy. It is the open-source response to the App Store business model. What they will need to figure out is the trust model (as does Android/Google). As the recent IRC malware episode demonstrates, how do you promote/create a dynamic ecosystem while maintaining security? Apple has done this (to date). I still think that Oracle needs to create an app store for Java.</p>
<p>I enjoyed the talks from Jon "Maddog" Hall, Brian Smith of DNS.com, and Michael DeHaan from <a class="external-link" href="http://www.puppetlabs.com/">Puppet Labs</a> and many others. One problem is that I spoke at the same time as two other talks I wanted to see: Vincent Batts on the Hudson build system and the ever-wonderful Rikki Kite on getting published. </p>
<p>I spent some time with the vendors and sponsors as always. <a class="external-link" href="http://www.click2try.com">Click2try</a> is an interesting cloud play. They create virtual systems for demos and provide some sales support tools for their customers. I had a great talk with Paul Bibaud of <a class="external-link" href="http://www.pogolinux.com">Pogo Linux</a>. They have done appliance work for other security vendors such as Barracuda. We talked about the options for a WiKID appliance. They are killing it in the storage space, btw, with a ZFS-based solution that is screaming fast and much less expensive than EMC et al. I enjoyed spending time with the <a class="external-link" href="http://www.opennms.com">OpenNMS</a> team as always. They are very active at the fests and a great sponsor. And, to top it off, <a class="external-link" href="http://dualcoremusic.com/nerdcore/">DualCore</a> was the entertainment for the Saturday night party. </p>
<p>My talk was well-received, I think. I had standing-room only (in a smaller room ;), which is nice. I highly encourage information security professionals to present at Linux Fests around the country. While it's not the same as the big cons in Vegas and San Francisco, it's a great community that is interested in learning more about security. </p>
<p>I'm sure I left out a bunch of people and companies. Apologies for that. Luckily, I can try again next year.</p>

Analyzing the Costs of Open Source Software in the Enterprise
2010-05-26T19:10:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/analyzing-the-costs-of-open-source-software-in-the-enterprise/
<p>Branden Williams recently did a guest post on Anton Chuvakin's blog about <a class="external-link" href="http://chuvakin.blogspot.com/2010/05/guest-post-first-ever-branden-williams.html">properly analyzing the potential costs of utilizing open source software in an enterprise</a>. Branden states he's a big fan of open source, but wants to make sure that all the costs are included when deciding whether to go with an open source package vs a commercial package. Here's the list of costs:</p>
<p class="callout">Open source software that is freely downloadable does have a cost greater than zero, yet that cost is often left out of the comparison (or incomplete) between commercial and open source software packages. Here are some things to consider:
<ul><li>Do you have to acquire equipment for this software to run? Be sure to include network infrastructure to support it.</li><li>How much of your time is required to keep it up to date? Estimate it, then use your salary plus bonus, and add anywhere from 15-25% for a benefit load. This will get you in the ballpark.</li><li>Do you need to hire a staff to keep it up to date? Use the same calc above.</li><li>Will someone else in your company have to support it? Same calc as above.</li><li>Will you need a second tier support contract from the open source group to handle advanced support issues?</li></ul>
</p>
<p>My first thought about this list is: How does licensing affect any of these items? I can't see how any of them would only be applied to open source but not commercial software. Is the assumption that if you purchase a Cisco firewall you won't need a firewall admin? Will you not get a support contract for it?</p>
<p>Then it occurred to me: we spend a lot of time supporting commercial solutions. To be fair, typically this means how to integrate WiKID with this commercial solution and it is often with our commercial solution so we benefit. Often, our users submit content on how to integrate WiKID, which we then share. Moreover, on #wikid on irc.freenode.net, users often help each other.</p>
<p>So my question is: Does the open and sharing nature of open source solutions reduce support and implementation costs?</p>
<p>My second question is: Would you add to your cost analysis formula an item for "giving back to the community"?</p>

Sourceforge interview
2010-02-03T14:59:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/sourceforge-interview/
<p>The fine folks at <a class="external-link" href="http://sourceforge.net">Sourceforge</a> have a <a class="external-link" href="http://sourceforge.net/blog/two-factor-authentication-done-wikid-simply/">nice blog post</a> about us. It's nice to get some support from the open source community!</p>

Security Justice podcast interview
2009-10-26T21:12:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/security-justice-podcast-interview/
<p>I was interviewed for the <a class="external-link" href="http://securityjustice.com/archives/89">Security Justice podcast</a> about WiKID, two-factor authentication, open source stuff and online banking security. </p>

Webinar on Secure Remote Access
2009-10-08T20:19:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/webinar-on-secure-remote-access/
<p>We will be doing a webinar with <a class="external-link" href="http://www.nopsec.com/">NopSec</a>, one of our resellers, on <a class="external-link" href="http://www.nopsec.com/index.php?option=com_performs&formid=4">Securing Remote Access with Open Source Solutions</a>. Please sign up! </p>
<p>The webinar will describe <a class="external-link" href="http://www.nopsec.com/index.php?option=com_performs&formid=4">how to combine two-factor authentication with various open source remote access solutions</a>. </p>

Sector
2009-10-05T14:20:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/sector/
<p>I will be speaking at the Sector security conference in Toronto this week. The title of my presentation is "<a class="external-link" href="http://www.sector.ca/sessions.htm#Nick%20Owen">Moving Toward a More Secure Online Banking Experience</a>". It is indeed mostly about authentication for online banking (session, host/mutual, transaction authentication), but also about the structure of the industry. </p>
<p>If you're in Toronto and want to meet, please track me (Nick Owen) down. The best way to get me <a class="external-link" href="http://twitter.com/wikidsystems">will probably be via twitter</a>. To follow all the Sector action on twitter, use the #sectorca hash tag!</p>

Thoughts on Atlanta Linux Fest. Presentation uploaded.
2009-09-22T15:20:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/thoughts-on-atlanta-linux-fest-presentation-uploaded/
<p>For those of you who asked if my presentation would be online: <a class="external-link" href="http://www.slideshare.net/nowen/securing-network-access-with-open-source-solutions">http://www.slideshare.net/nowen/securing-network-access-with-open-source-solutions</a>. </p>
<p>Overall, I thought Atlanta Linux Fest was great. They had way more attendees than expected and I think they will need a bigger venue for next year. </p>

Come to the Atlanta Linux Fest
2009-09-14T19:04:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/come-to-the-atlanta-linux-fest/
<p>If you're involved in Open Source and in the Atlanta area this weekend, you should come to the <a class="external-link" href="http://atlantalinuxfest.org">Atlanta Linux Festival</a>. <a class="external-link" href="http://atlantalinuxfest2009.eventbrite.com/">Registration is free</a> and you can see me do my presentation on <a class="external-link" href="http://atlantalinuxfest.org/node/63">Securing Network Access with Open Source technologies</a>. This talk will focus on how to let the good guys in using various FOSS technologies. It looks like a very strong lineup.</p>

Free OpenID service with two-factor authentication
2009-08-26T13:07:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/free-openid-service-with-two-factor-authentication/
<p>We're pleased to announce the beta release of <a class="external-link" href="http://wikid.com">http://wikid.com</a>, a free <a class="external-link" href="http://openid.net/">OpenID</a> service that uses WiKID for two-factor authentication. </p>
<p>There is a huge problem on the Internet today: static passwords. Users hate them, security folks hate them, helpdesks hate them. <a class="external-link" href="http://danielmiessler.com/blog/password-reset-mechanisms-the-online-security-threat-nobodys-talking-about"> Automated password reset mechanisms create a security nightmare</a>. </p>
<p>The biggest reason for the exponential growth in the number of passwords a user must maintain is that web-applications and services all need to track individual users to maintain integrity of data. Historically, this has been done with usernames and passwords. However, most web-based services don't actually require the level of security of a dedicated password. These services should instead support OpenID. You can maintain the integrity of an individual's data without requiring them to maintain a separate password for your system.</p>
<p>Of course, with the proliferation of social networking and the amount of personal information that can be gleaned from them, any 'keys to the kingdom' system such as OpenID needs to be protected! </p>
<p>OpenID isn't perfect by any means, but it's a damn good start. To be clear, our goal here is not to be in the OpenID business (that's why it's free). We simply wanted to provide a useful service and help demonstrate that two-factor authentication does not have to be expensive.</p>
<p>In fact, if you want to set up your own OpenID server with two-factor authentication, it is quite simple. Just grab the Community or Enterprise version of the WiKID Strong Authentication server and an OpenID library (we used <a class="external-link" href="http://code.google.com/p/openid4java/">OpenID4Java</a>) and integrate the two (<a class="internal-link" href="http://www.wikidsystems.com/support/web-application-how-tos" title="Web Application How-tos">examples are here</a>).</p>

Why we're sponsoring SecurityBsides during DefCon
2009-07-23T22:28:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/why-were-sponsoring-securitybsides-during-defcon/
<p>WiKID Systems is proud to be a corporate sponsor of <a class="external-link" href="http://www.securitybsides.com/BSidesLasVegas">BSidesLasVegas</a> this year during DefCon. I thought I would lay out why we think this is a great opportunity:</p>
<ul>
<li>The attendees are key influencers so the real reach is huge. The cost-benefit works.</li>
<li>In general, I prefer to be a bigger fish in a smaller pond. Since we're a smaller fish than most of the players who will have marketing booths at DefCon, we will stand out without having to stand around.</li>
<li>It's an <a class="external-link" href="http://www.mckeay.net/2009/07/23/have-you-signed-up-for-security-bsides/">un-Conference</a>. So, it has to be cooler. This fits with WiKID, since we are also cooler. I swear.</li>
<li>The other big security conference has a sponsor, our biggest competitor, so we're not so keen on that.</li>
<li>Obviously, since we released an <a class="internal-link" href="https://www.wikidsystems.com/../community-version" title="Community Version">open-source version of WiKID</a>, we believe in open. And SecurityBsides is as open as a conference can get.</li>
<li>I think it will be a lot of fun. Especially putting some faces to the tweets.</li>
</ul>

The Two-Factor Authentication You Want At the Open Source Price Tag You Need
2009-05-20T15:15:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/the-two-factor-authentication-you-want-at-the-open-source-price-tag-you-need/
<p>Our partners at <a class="external-link" href="http://www.hurricanelabs.com/">Hurricane Labs</a> will be giving a two-part presentation this Friday on the new R70 from Checkpoint and on WiKID Systems:</p>
<p class="callout">Steve McMaster from Hurricane Labs will present "An Open-source Answer
to Secure Authentication". This talk will show you how to replace your
costly authentication system with an open-source, software-based
authentication system from WiKID Systems. See why software tokens are
easier, more cost-efficient, and just as secure as their closed,
hardware based alternatives.</p>
<p>Steve knows what he's talking about, having written a version of the <a class="external-link" href="http://code.google.com/p/pywikid/">WiKID software token in Python</a> and our documentation on porting the <a class="internal-link" href="https://www.wikidsystems.com/running-the-wikid-two-factor-authentication-server" title="running-the-wikid-two-factor-authentication-server">WiKID Strong Authentication Server to Ubuntu</a>. </p>
<p>So, if you are near <a class="external-link" href="http://maps.google.com/maps?q=4401+Rockside+Road,+Suite+310+Independence,+OH+44131&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&split=0&gl=us&ei=tx0USo_7LpSu8ASftemDBA&sa=X&oi=geocode_result&ct=image&resnum=1">Independence, OH</a> look up Hurricane Labs.</p>

Please Nominate WiKID!
2009-05-14T12:39:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/please-nominate-wikid/
<p>Please nominate WiKID for the Best Commercial/Open Source Project on Sourceforge:</p>
<p><br/><a href="http://sourceforge.net/community/cca09/nominate/?project_name=WiKID%20Strong%20Authentication%20System&project_url=http://www.wikidsystems.com/community-version/?sf.net"><img alt="" border="0" src="http://sourceforge.net/images/cca/cca_nominate.png"/></a></p>

VMware image for the Community Edition released
2009-05-08T18:15:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/vmware-image-for-the-community-edition-released/
<p>We have just released a VMware image of the <a class="external-link" href="https://sourceforge.net/project/showfiles.php?group_id=144774&package_id=321765">WiKID Strong Authentication Server Community Edition</a>. While we have offered up the <a class="internal-link" href="http://www.wikidsystems.com/downloads/wikid-strong-authentication-system-enterprise/" title="Download the WiKID Enterprise Server 3.3.8 VMware Image">Enterprise version of our two-factor authentication server</a> as a VMware image for some time, this is the first for the open-source community server. The reason for the delay was Sun's restrictive licensing for their JDK. OpenJDK has made great strides recently and seems to do the job. While I would hesitate to use it in a corporate production environment, it is a great way to test WiKID. </p>
<p>Enjoy! </p>
<p>UPDATE: We have uploaded a new VMware image with the corrected root password: wikid. Sorry for any inconvenience.</p>

Two-factor authentication for Web-application developers
2009-05-06T14:57:00+00:00
admin
http://www.wikidsystems.com/blog/author/admin/
http://www.wikidsystems.com/blog/two-factor-authentication-for-web-application-developers/
<p>We've done some re-arranging in the documentation area, creating a <a class="internal-link" href="http://www.wikidsystems.com/support/web-application-how-tos/" title="Web Application How-tos">special how-to section for adding two-factor authentication to Web-enabled applications.</a> Currently, we have:</p>
<ul>
<li><a class="internal-link" href="http://www.wikidsystems.com/support/web-application-how-tos/how-to-add-wikid-two-factor-authentication-to-a-php-application/" title="How to add WiKID two-factor authentication to a Ruby application">How to add two-factor authentication to PHP</a></li>
<li><a class="internal-link" href="http://www.wikidsystems.com/support/web-application-how-tos/how-to-add-wikid-two-factor-authentication-to-a-ruby-application/" title="How to add WiKID two-factor authentication to a Ruby application">How to add WiKID Two-factor Authentication to Ruby</a></li>
<li><a class="internal-link" href="http://www.wikidsystems.com/support/web-application-how-tos/how-to-use-wikid-in-a-jsp-application/" title="How to use WiKID in a JSP application">How to use WiKID in a JSP Application</a></li>
</ul>
<p>We want to reach out to developers writing secure applications. The WiKID API, wAuth, is quite simple to use as these documents demonstrate. We have <a class="internal-link" href="http://www.wikidsystems.com/downloads/api-network-client-packages/" title="Network Clients">wAuth packages that make it simple to integrate WiKID into Python, PHP, Ruby, Java and C#</a>. If you would like to see anything else (Perl?) please let us know! </p>
<p>Also of note: These wAuth packages are all LGPL so they can be used for both commercial and open source applications. </p>