[clug] Yubikeys on Linux

steve jenkin sjenkin at canb.auug.org.au
Fri Jun 12 03:35:30 GMT 2009


Robert Edwards wrote on 12/6/09 10:23 AM:

> As to having someone opportunisticly reprogram your yubikey on
> insertion - this is a real threat at the moment. Locking the
> reprogramming with a password would fix it, as long as you don't
> "lose" that password...

> Cheers,
> 
> Bob Edwards.


If what you're saying is correct (I haven't looked at the site), it is a
major vulnerability.

Allowing Silent & Promiscuous Reprogramming?!?!
They gotta fix that...
As you've pointed out, there's at least one simple & effective process.

-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin


More information about the linux mailing list