Oddbean new post about | logout
 nostr:nprofile1qqspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7spzpmhxue69uhkummnw3ezumt0d5hszrnhwden5te0dehhxtnvdakz7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctcsa39w3 Please be por precise and I quote: "All YubiKeys running firmware prior to version 5.7 are affected" 
 v5.7.0 only came out in March, so it's virtually all YubiKeys that are vulnerable to the exploit. Fortunately, the expense, technical complexity, and logistical requirements of successfully executing the exploit mean the vast majority of users aren't at any practical risk. But with Christmas coming up, it's probably a good time to spend $100 on a new pair of keys. Just make sure to buy directly from Yubico to ensure you get keys with the latest firmware.