Category Archives: Uncategorized

Controlling Your Interfaces (Part 1)

It was July 2000 and one could imagine the product manager’s frustration when he learned the news.  A hacker, going by the handle “Kingpin,” had found a vulnerability in the iKey® 1000*.  Furthermore, @Stake, a company associated with Kingpin was planning to go public with this information by publishing a security advisory.  The iKey® 1000 was poised to be a great success, and the last thing the Rainbow Technologies ** product manager needed was to have his information security device branded as “insecure.”

Joe Grand is known for white hat hacking

Joe Grand aka “Kingpin”

Fortunately, there was time to act.  @Stake had given Rainbow a grace period, just enough time to admit that @Stake had found something significant and to promise Rainbow’s customers that some necessary changes would be coming.    So, when @Stake released the advisory, describing the attack in sufficient detail for hackers to reproduce it, they also expressed admiration for Rainbow’s professionalism and responsiveness.


This was a consolation for Rainbow Technologies.  Of course, they would have looked better, if @Stake had not found the vulnerability.

The iKey® 1000 was designed to store passwords and private keys for authentication purposes, thus providing a means for 2 factor authentication.   The first factor (something you have) was the iKey® 1000, and the second factor (something you know) was a user password.  To access the passwords and private keys stored in the device, the user would provide the user password, and the iKey® 1000 would then provide access to the private keys or other passwords stored within it.  There was also a master password that could be used to access all of the iKey® 1000’s stored secrets.

* iKey® is a registered trademark of Safenet.
** In 2004, SafeNet merged with Rainbow Technologies.

To be continued in “Controlling Your Interfaces (Part 2)”