ecdsa – Weekly Geek

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

reader comments 118 The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a… Read More »

Major cryptography blunder in Java enables “psychic paper” forgeries

Getty Images reader comments 37 with 32 posters participating Share this story Organizations using newer versions of Oracle’s Java framework woke up on Wednesday to a disquieting advisory: A critical vulnerability can make it easy for adversaries to forge TLS certificates and signatures, two-factor authentication messages, and authorization credentials generated by a range of widely… Read More »