As proof of its ongoing work towards becoming an industry leader in supporting open authentication standards, RCDevs is proud to announce support for FIDO2 in its award-winning OpenOTP MFA platform. With FIDO2, RCDevs continues its disruptive approach of providing strong authentication for free to any small business, and best-in-class affordable MFA for businesses of all sizes. With OpenOTP, companies can enjoy the unique advantage of enterprise-wide FIDO2 authentication, covering every corner of MFA, from corporate O365 and remote users to desktop login and privileged access.

If you would like to start with FIDO2 today, visit rcdevs.com and get your best-in-class FIDO2-compliant MFA platform for free.


RCDevs has rapidly grown its reputation in Luxembourg in the last year and concluded many local deals in various sectors. These include several European institutions, banks, investment funds and major government / public sector services.
RCDevs partnered with local service providers like Telindus and Excellium, which also provide OpenOTP and SpanKey solutions to their own customers requiring enterprise MFA and IAM solutions.
In the rest of the world, RCDevs acquired thousands of customers in more than 40 countries, including several Fortune 500 companies. Our customers range in size from hundreds to hundreds of thousands of users and cover various sectors and industries.


The new RCDevs SpanKey solution is now ready for sale (http://www.rcdevs.com/store)! SpanKey is a client-server solution which provides seamless integration of AD accounts into your Linux environments, SSH access without key distribution, and user session recording. SpanKey is licensed per server, and packages are sold on the RCDevs webstore or by contacting RCDevs sales. A 50% discount is offered for OpenOTP customers.

The main features of SpanKey2 are:
– Super easy setup (1 minute on a blank Linux host)
– AD accounts in Linux (no more PAM-LDAP or Winbind)
– SSH access (with offline capabilities)
– Host access permissions with simple server tagging
– Support for shared accounts (conserving personal audit)
– Graphical session recording in an encrypted DB or NAS
– Automatic account creation and temporary accounts
– Optional multi-factor login with RCDevs Push
– User enrolment via self-services
– Automatic SSH key expiration and renewal via email/sms
– Support for hardware PIV keys and smartcards
– Supported on most Linux distributions

Our next release will include:
– Full MFA support (with challenge response and Hardware Tokens)
– Idle session detection and unlocking with AD domain password
– Sudo replacement (with on-the-fly system owner(s) validation via mobile push)
– Session sharing for collaborative work.

With SpanKey, companies can gain control over all SSH key-based access with just one central entitlement store: the already existing AD/LDAP. Simple, transparent and hassle-free. For more information visit http://www.rcdevs.com/solutions/ssh-key-management/


The FIDO Alliance has expanded its certification program to include multi-level security certifications for FIDO authenticators (such as physical security keys and biometrics).

With the authenticators, online service providers can choose the security level appropriate for their business, such as requiring higher FIDO certification for financial transactions than for general account information.


RCDevs extended its solution portfolio with MFA-VPN, a small-to-medium-business VPN server appliance for OpenOTP. MFA-VPN is easy to set up and provides secure remote access for your Active Directory or LDAP users, with built-in multi-factor features like mobile Push Login (One-Tap login) and Universal Second Factor (FIDO-U2F).


Oracle has released its first update round of the year, which includes fixes for products affected by one of the recently disclosed Spectre CPU vulnerabilities.

The database giant said the following:

“The January 2018 Critical Patch Update provides fixes for certain Oracle products for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note.”


A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages.

Dubbed ROBOT (Return of Bleichenbacher’s Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.

The ROBOT attack is nothing but a couple of minor variations on the old Bleichenbacher attack on the RSA encryption protocol.


We can pull out two small threads from this week’s episode to examine. Both deal with unauthorized access.

When we’re talking about information security, and not just cybersecurity, physical security is also part of the picture. We saw Elliot take advantage of small loopholes in the E-Corp NYC building security to infiltrate it rather easily. While employees were filing back into the building after an evacuation, Elliot took advantage of the minor chaos and the crowds to steal a badge from a security guard, and then used it to get access to several different areas of the building, including rooms where he could connect directly to the (presumably secure) corporate network via Ethernet.
