chiefgyk3d, 1 month ago to Cybersecurity

Big thank you to @yubico they are sending me two new Yubikey 5C NFC keys as I am no longer needing the Yubikey 5Ci as I no longer use lightning connections since I got an iPhone 15.

Yubico has been my longest running partner since I have been creating content. Thank you for the support over all these years and the many keys you have provided me.

#Cybersecurity #Infosec #Yubico #Yubikey #YubicoAmbassador

ezlin, 6 months ago to random

hm. Do I spend $30 (after shipping) on another #2FA #U2F security key, but this one can store 50 #TOTP (as well as work as a standard #FIDO2 #SecurityKey) entries.

Compared to #yubico #yubikey which is $50 (before shipping) and stores only 32 TOTP.

It'd only be around $22, but it apparently ships from Switzerland?

https://www.token2.net/shop/category/fido2-with-totp

But it's still $20 less than the Yubikey that does the same thing but with less storage.

Oh it's tempting!

Gotta sleep on it. G'night world!

#nerd #geek

bitwarden, 7 months ago to Cybersecurity

FIDO2 WebAuthn #2FA is now free for everyone! All users can secure their Bitwarden account using a hardware security key or other FIDO2 WebAuthn credential generator. Learn more here: https://bitwarden.com/blog/fido2-webauthn-2fa-in-all-bitwarden-plans

#cybersecurity #passwordsecurity #passwordmanagement #passwordmanager

nrohluap, 7 months ago to Cybersecurity

Started my career in cybersecurity over a dozen years ago. First assignment: fly to a client site and help deploy network HSMs. Which I had zero knowledge about.

Read the manuals on the two-hour flight. Landed as an expert 😜 Helped for two weeks, with a successful engagement and a happy client.

Today I was handed a new-to-me Yubico HSM2, and had three hours to perform and document how to stand up a new MSCA offline root with it using ECC.

Task completed 30 minutes early.

Now heading to a meeting with client to repeat the process in their environment.

Some things never change.

#CyberSecurity #pki #Yubico #hsm

CommanderViral, 8 months ago to security

Thanks @chiefgyk3d for the YubiKey and fidget toy! He's got some donated from #Yubico to giveaway on Twitch streams, so check out his stream to get in on the Marbles games and win a #yubikey. #security

hko, 9 months ago to random

While exploring use of PKCS #11 devices in #OpenPGP contexts, I stumbled over a bug (and potential security issue) in the yubihsm_pkcs11.so driver for #YubiHSM devices.

Long form text by Christian Reitter (who walked me through the coordinated disclosure process with #Yubico, and did amazing work analyzing and writing up the issue):
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/

Yubico advisory: https://www.yubico.com/support/security-advisories/ysa-2023-01/

#CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39908

(Thanks again to @sovtechfund for funding my #PKCS11 work)

chiefgyk3d, 10 months ago to infosec

One of my favorite things about working with #Yubico as an affiliate and brand ambassador. Whenever I need keys for projects they oblige! #infosec #cybersecurity #yubikey

to3k, 11 months ago to android Polish

🇵🇱 Nowy wpis na blogu! / 🇬🇧 New blog post!

Vaultwarden – self-hosted password manager

#2fa #android #backup #bitwarden #chrome #docker #dockerhub #firefox #https #ios #ipados #opensource #passwordmanager #selfsignedcertificate #selfhosted #ssl #totp #u2f #vaultwarden #yubico #yubikey #yunohost

Autor: @to3k

https://blog.tomaszdunia.pl/vaultwarden-eng/

ChiefGyk3D, 11 months ago to linux

That’s a lot of security in one picture! #GrapheneOS #Trezor #Ledger #Yubico #Tillitis #Purism #Linux #Pixel7a

ljrk, 11 months ago to random

#Yubico sent an email out that advertised

> … make phishing-resistant authentication as easy as getting a new credit card.

Idk, maybe I'm not American enough for that, but this doesn't sound easy to me lol.

hko, 1 year ago (edited 1 year ago) to random

Today I spent a bit of time with the #YubiHSM and its #PKCS11 driver (the yubihsm_pkcs11.so driver had exhibited some confusing-to-me behavior, during occasional experiments over the past few weeks).

After a closer look, I believe that "yubihsm_pkcs11.so" version 2.4.0 has introduced a number of rather confusing regressions around object IDs (see https://github.com/Yubico/yubihsm-shell/issues/345 #Yubico).

This investigation was a side-quest of my @sovtechfund financed project "PKCS#11 support for @sequoiapgp".

mysk, 1 year ago to infosec

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

image/jpeg
image/png
image/png

rysiek, 1 year ago to infosec

#Yubico is merging with some other company to go public on a stock exchange
https://www.yubico.com/blog/yubico-is-merging-with-acq-bure/

Get ready for Yubico "maximizing shareholder value" — also known as "enshittification." :blobcat_owo:

Time to look more closely at @nitrokey 😉

#InfoSec