Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Friday, 17-May-2024 07:42:03 JST Patrick C Miller :donor:

MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn https://www.hackread.com/mitm-attacks-can-bypass-fido2-security/
In conversation Friday, 17-May-2024 07:42:03 JST from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.hackread.com
  
  MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
  
  from Deeba Ahmed
  
  Follow us on Twitter (X) @Hackread - Facebook @ /Hackread
- Embed this notice
  Varbin :arctic_fox: :gay_furr: -> FUKS@39c3 (varbin@infosec.exchange)'s status on Friday, 17-May-2024 09:14:47 JST Varbin :arctic_fox: :gay_furr: -> FUKS@39c3
  in reply to
  
  @patrickcmiller
  There is something off here:
  1. There never was a claim for FIDO2 being MITM resistant.
  2. FIDO2 isn't even attacked at all, but other parts of the system
  3. Even those systems are attacked outside of the established security models (mainly, that TLS works and the browser's session storage is not hijacked).
  In other words: Even the most secure door lock does not protect against burglars blowing up the roof. There is no surprise here.
  
  In conversation Friday, 17-May-2024 09:14:47 JST permalink

Feeds