Pulse of Truth

1441 readers

120 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (arstechnica.com)

submitted 11 months ago by lemmydev2 to c/pulse_of_truth

2 comments fedilink hide all child comments

Sophisticated attack breaks security assurances of the most popular FIDO key.

top 2 comments

sorted by: hot top controversial new old

[–] qprimed@lemmy.ml 5 points 11 months ago

These chips and the vulnerable part of the cryptographic library went through about 80 CC certification evaluations of level AVA VAN 4 (for TPMs) or AVA VAN 5 (for the others) from 2010 to 2024 (and a bit less than 30 certificate maintenances).

confidently insecure. just the way we all like things.

[–] MrPibb@lemmynsfw.com 4 points 11 months ago

Considering how much they charge per key, they can probably send out new keys to everyone without making much a dent in their profits.