Oddbean new post about | logout
 v5.7.0 only came out in March, so it's virtually all YubiKeys that are vulnerable to the exploit. Fortunately, the expense, technical complexity, and logistical requirements of successfully executing the exploit mean the vast majority of users aren't at any practical risk. But with Christmas coming up, it's probably a good time to spend $100 on a new pair of keys. Just make sure to buy directly from Yubico to ensure you get keys with the latest firmware.