Sunday, 20 January 2013

Yubico YubiKey

I ordered a YubiKey last night to play with, while waiting for shipping etc I started looking for details on the API and images to use on my site I was interested in how much I found by just surfing... Nothing of immediate concern but for a company who's business is security one would expect them to be extremely security conscious, yet so far:


 1 version behind on Apache release and display version details, server OS details etc


The wiki server is also a few versions behind. In addition the MediaWiki version used is 1.12.0 while version 1.20.2 is the latest... quite a few versions ago...


Have a directory listing enabled on another server:
 

The static content sync script contents with nice details in... Hi Jas?

The servers mentioned above and the main site also have ssh open to the world:



Makes me wonder what other things are open, behind in versions and how secure the "YubiKey OTP Validation server" really is?

I'll post more when I received the key, looks like a very cool device with amazing possibilities, they might just need a new sys admin!

No comments:

Post a Comment