Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/monkeyflower/statuses/113075533735700420">🦋 Benjamin West -  🐒🌻 (monkeyflower@infosec.exchange)'s status on Wednesday, 04-Sep-2024 05:39:04 JST</a><a href="https://infosec.exchange/@monkeyflower" title="monkeyflower@infosec.exchange"><img src="https://gnusocial.jp/avatar/182484-48-20240309233344.webp" width="48" height="48" alt="🦋 Benjamin West -  🐒🌻" style="position: absolute; left: 0; top: 0;">🦋 Benjamin West -  🐒🌻</a><div><ul><li></ul></div></section><article><p>Not great... but if they already have your <a href="https://infosec.exchange/@yubico">@yubico</a>  aren't you already kinda pwned?</p><p>“An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys,” the advisory confirmed. “The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.”</p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noreferrer">https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</a></p><p><a href="https://infosec.exchange/tags/osint" rel="tag">#osint</a> <a href="https://infosec.exchange/tags/opsec" rel="tag">#opsec</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/security" rel="tag">#security</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3609601#notice-7078643">In conversation</a><time datetime="2024-09-04T05:39:04+09:00" title="Wednesday, 04-Sep-2024 05:39:04 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@monkeyflower/113075533735700420" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@monkeyflower/113075533735700420">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
🦋 Benjamin West - 🐒🌻 (monkeyflower@infosec.exchange)'s status on Wednesday, 04-Sep-2024 05:39:04 JST🦋 Benjamin West - 🐒🌻
- Yubico
Not great... but if they already have your @yubico aren't you already kinda pwned?
“An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys,” the advisory confirmed. “The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.”
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/
#osint #opsec #infosec #security
In conversationabout 3 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice