The new RCDevs’ SpanKey solution is now ready for sale (http://www.rcdevs.com/store)! SpanKey is a client-server solution which provides seamless integration of AD accounts into your Linux environments, SSH access without key distribution, and user session recording. SpanKey is licensed per server and packages are sold on RCDevs’ webstore or by contacting RCDevs sales. A 50% discount is offered for OpenOTP customers.

Our SpanKey2 main features are:
– Super easy setup (1 minute on a blank Linux host)
– AD accounts in Linux (no more PAM-LDAP or Winbind)
– SSH access (with offline capabilities)
– Host access permissions with simple server tagging
– Support for shared accounts (conserving personal audit)
– Graphical session recording in an encrypted DB or NAS
– Automatic account creation and temporary accounts
– Optional multi-factor login with RCDevs Push
– User enrolment via self-services
– Automatic SSH key expiration and renewal via email/SMS
– Support for hardware PIV keys and smartcards
– Supported on most Linux distributions

Our next release will include:
– Full MFA support (with challenge response and Hardware Tokens)
– Idle session detection and unlocking with AD domain password
– Sudo replacement (with on-the-fly system owner(s) validation via mobile push)
– Session sharing for collaborative work.

With SpanKey, companies can gain control over all SSH-key-based access with just one central entitlement store: the already existing AD/LDAP. Simple, transparent and hassle-free. For more information visit http://www.rcdevs.com/solutions/ssh-key-management/


The FIDO Alliance has expanded its certification program to include multi-level security certifications for FIDO authenticators (such as physical security keys and biometrics).

With the authenticators, online service providers can choose the security level appropriate for their business, such as requiring higher FIDO certification for financial transactions than for general account information.


RCDevs extended its solution portfolio with MFA-VPN, a small-to-medium-business VPN server appliance for OpenOTP. MFA-VPN is easy to set up and provides secure remote access for your Active Directory or LDAP users, with pre-included multi-factor features like mobile Push Login (One-Tap login) and Universal Second Factor (FIDO-U2F).


Oracle has released its first update round of the year, which includes fixes for products affected by one of the recently disclosed Spectre CPU vulnerabilities.

The database giant stated the following:

“The January 2018 Critical Patch Update provides fixes for certain Oracle products for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note.”


A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages.

Dubbed ROBOT (Return of Bleichenbacher’s Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.

The ROBOT attack is nothing but a couple of minor variations on the old Bleichenbacher attack on the RSA encryption protocol.


We can pull out two small threads from this week’s episode to examine. Both deal with unauthorized access.

When we’re talking about information security, and not just cybersecurity, physical security is also part of the picture. We saw Elliot take advantage of small loopholes in the E-Corp NYC building security to infiltrate it rather easily. While employees were filing back into the building after an evacuation, Elliot took advantage of the minor chaos and the crowds to steal a badge from a security guard, and then used it to get access to several different areas of the building, including rooms where he could connect directly to the (presumably secure) corporate network via Ethernet.


The rise of the internet of things (IoT) and operational technology (OT) is causing serious anxiety for security and line of business (LoB) leaders, thanks to the negative business ramifications a security failure can have on critical business operations. Yet most organizations in a survey from Forrester Consulting lag when it comes to their security profiles in these areas.


As the first 2FA innovation vendor in the world, RCDevs now offers One Time Password login for Windows as well, even for those logging in offline. Companies no longer need to fall short on compliance by failing to enable OTP for those without internet connectivity. RCDevs’s unique Windows offline support in the latest OpenOTP Credential Provider allows users to log in to Windows with OTP anywhere and at any time, providing a superior, all-encompassing 2FA solution for all Windows access.
