If you have a #YubiKey, this is a must-read and it's not good at all as it's prone to cloning attacks with no fix in sight.
@joeo10 fix in sight with new firmware used on hardware made since May.
@becomingwisest I'm sure newly made YubiKeys are going to be patched but the ones already in the wild (like all of them) aren't.
@becomingwisest @joeo10 Yup, it also requires the user to be really careless with their key around someone capable of fabricating a clone, whilst also handing that person their password. A bit of a storm in a teacup and they’re still safer than not using one.
@gavin57 @becomingwisest That makes replacing existing YubiKeys ever more important. Like I said, I'm sure newly made units are going to be patched but the ones already in the wild aren't.
@joeo10 @becomingwisest The unaffected firmware has been available for months. Worth upgrading for the first extra capacity anyway, but mine are thankfully unaffected, not that I plan to leave them lying around.
@joeo10 @becomingwisest Cheers, looks like nothing to worry about. An attack we’re unlikely to see in the wild and the main targets being heads of state, who can probably manage 100 bucks for a pair of new keys.