Oddbean new post about | logout
TKay | 14 days ago (raw) | root | parent | reply | flag 
 That’s a nope. 

https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot
Karnage | 14 days ago (raw) | root | parent | reply | flag +1 
 Doesn’t this require physical access?
TKay | 14 days ago (raw) | root | parent | reply | flag 
 I’m no expert. I just know they have a design flow that allows them to be hacked. 🤷‍♂️
Karnage | 14 days ago (raw) | root | parent | reply | flag +2 
 Seems low risk 

“The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack,”
TKay | 14 days ago (raw) | root | parent | reply | flag +1 
 Good to know. Yeah, i suppose that is low risk.
ec0114a5 | 14 days ago (raw) | root | parent | reply | flag 
 Requires physical access and latest series not affected

https://www.yubico.com/support/security-advisories/ysa-2024-03/
TKay | 14 days ago (raw) | root | parent | reply | flag 
 Good to know.
Karnage | 14 days ago (raw) | root | parent | reply | flag 
 Cool. Mine were affected so I ordered some new ones 🙌 

Thanks for the heads up!