Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.sdf.org/users/joeo10/statuses/113076642976569369">Joe Ortiz (joeo10@mastodon.sdf.org)'s status on Wednesday, 04-Sep-2024 10:17:26 JST</a><a href="https://mastodon.sdf.org/@joeo10" title="joeo10@mastodon.sdf.org"><img src="https://gnusocial.jp/avatar/92668-48-20230128144844.webp" width="48" height="48" alt="Joe Ortiz" style="position: absolute; left: 0; top: 0;">Joe Ortiz</a><div><a href="https://toot.wales/@gavin57/113075724259275377" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/168772" title="gavin57@toot.wales">Gavin</a></li></ul></div></section><article><p><a href="https://toot.wales/@gavin57">@gavin57</a> <a href="https://hachyderm.io/@becomingwisest">@becomingwisest</a> <a href="https://infosec.exchange/@dangoodin/113076276124429268" rel="nofollow noreferrer">https://infosec.exchange/@dangoodin/113076276124429268</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3609682#notice-7081240">In conversation</a><time datetime="2024-09-04T10:17:26+09:00" title="Wednesday, 04-Sep-2024 10:17:26 JST">about 2 months ago</time> <span>from <span><a href="https://mastodon.sdf.org/@joeo10/113076642976569369" rel="external" title="Sent from mastodon.sdf.org via ActivityPub">mastodon.sdf.org</a></span></span><a href="https://mastodon.sdf.org/@joeo10/113076642976569369">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://infosec.exchange/@dangoodin/113076276124429268">Dan Goodin (@dangoodin@infosec.exchange)</a></h5><div> from <span>Dan Goodin</span></div></header><div>@rysiek@mstdn.social @thetechtutor@me.dm Thanks for coming to my defense Michal. The statement that only brief access is required comes from the ninjalab researcher. He believes a nation state attacker could devise a streamlined way to quickly tear down the YubiKey, extract the electromagnetic emanations needed, physically reconstruct it and return it to the target. The remaining key extraction would happen off-line in the hours following that. This scenario may or may not be realistic, so I have changed the word "brief'  to "temporary." Also, if anyone claims I said this attack is cheap, they're putting words in my mouth. The article makes clear in the cloning requires a tremendous amount of cryptographic and electric engineering expertise and $11,000 worth of equipment.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Joe Ortiz (joeo10@mastodon.sdf.org)'s status on Wednesday, 04-Sep-2024 10:17:26 JSTJoe Ortiz
in reply to
- Christopher Evans
- Gavin
@gavin57 @becomingwisest https://infosec.exchange/@dangoodin/113076276124429268
In conversationabout 2 months ago from mastodon.sdf.orgpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Dan Goodin (@dangoodin@infosec.exchange)
  from Dan Goodin
  @rysiek@mstdn.social @thetechtutor@me.dm Thanks for coming to my defense Michal. The statement that only brief access is required comes from the ninjalab researcher. He believes a nation state attacker could devise a streamlined way to quickly tear down the YubiKey, extract the electromagnetic emanations needed, physically reconstruct it and return it to the target. The remaining key extraction would happen off-line in the hours following that. This scenario may or may not be realistic, so I have changed the word "brief' to "temporary." Also, if anyone claims I said this attack is cheap, they're putting words in my mouth. The article makes clear in the cloning requires a tremendous amount of cryptographic and electric engineering expertise and $11,000 worth of equipment.

Public

Embed Notice

HTML Code

Corresponding Notice