Joe Ortiz

If you have a , this is a must-read and it's not good at all as it's prone to cloning attacks with no fix in sight.

More here: arstechnica.com/security/2024/

@joeo10 fix in sight with new firmware used on hardware made since May.

@becomingwisest I'm sure newer made Yubikeys are going to be patched but the ones already in the wild (like all of them) aren't.

@becomingwisest @joeo10 Yup, it also requires the user to be really careless with their key around someone capable of fabricating a clone, whilst also handing that person their password. A bit of a storm in a teacup and they’re still safer than not using one.

@gavin57 @becomingwisest That makes replacing existing Yubikeys ever more important. Like I said, I'm sure newly made units are going to be patched but the ones already in the wild aren't.

@joeo10 @becomingwisest The unaffected firmware has been available for months. Worth upgrading for the first extra capacity anyway, but mine are thankfully unaffected — not that I plan to leave them lying around.

@joeo10 @becomingwisest Cheers, looks like nothing to worry about. An attack we’re unlikely to see in the wild and the main targets being heads of state, who can probably manage 100 bucks for a pair of new keys.