|
flakeloaf posted:☐ My keyboard has an "Alt Facts" key i didn't know you work for the CPC
|
# ? Jan 8, 2021 16:04 |
|
|
# ? Apr 24, 2024 22:28 |
|
this was before the industry standardized on the term Fake News
|
# ? Jan 8, 2021 16:04 |
|
neat: google 2fa key, likely others, clonable with considerable effort
|
# ? Jan 8, 2021 16:08 |
|
how about we just don't have side channels? do we really need them anyway?
|
# ? Jan 8, 2021 16:09 |
|
real interesting, but just to clarify up front: this is an attack on a physical (cryptographic usb) key *chipset*. i for a moment read it as a general 2fa cryptographic key attack.
|
# ? Jan 8, 2021 16:10 |
|
I hope this doesn't slow adoption (if it can even be slowed any further) because even if it might be possible for someone who temporarily has possession of your key to copy it, u2f tokens are still much better than pretty much all the alternatives.
|
# ? Jan 8, 2021 16:11 |
|
I've got one upstairs in a safe and the other in deposit at my bank, I'm good
|
# ? Jan 8, 2021 16:14 |
|
Judging by the pictures in the article this isn't just some power rail attack or anything, it's straight up delidding the chip and probing the internals. That seems like it requires some very specific chip design to defend against.
|
# ? Jan 8, 2021 16:15 |
|
also it requires some very specific tool and skills to accomplish. probably not a huge worry for your average user
|
# ? Jan 8, 2021 16:23 |
|
their poc turnaround was something like 12 hours, so yeah, this isn't a serious concern for your average userSubjunctive posted:how about we just don't have side channels? do we really need them anyway? just put the one channel in the front and be done with it, i say
|
# ? Jan 8, 2021 16:37 |
|
those 2fa keys aren't for your average user...
|
# ? Jan 8, 2021 16:47 |
|
okay grandma, first download kleopatra...
|
# ? Jan 8, 2021 16:49 |
|
Jabor posted:Judging by the pictures in the article this isn't just some power rail attack or anything, it's straight up delidding the chip and probing the internals. wait doesn't everyone else have a hydrofluoric acid bath at home
|
# ? Jan 8, 2021 16:51 |
|
I used my last one on Victor
|
# ? Jan 8, 2021 17:16 |
flakeloaf posted:☐ My keyboard has an "Alt Farts" key
|
|
# ? Jan 8, 2021 17:28 |
|
Seems like its not really a big security concern since 2fa devices can be very easily de-associated to any account that uses them. So as long as the user reports their 2fa key lost it can be dealt with in a reasonable amount of time. Now if they find a way to extract a 2fa soft-key via malicious link, then we will see some interesting attacks.
|
# ? Jan 8, 2021 21:16 |
|
some HN commenter posted:I'm surprised congressional office's laptops do not embed remotely detonated explosives/destruction devices triggered with sat or cellular comms.
|
# ? Jan 8, 2021 22:22 |
|
Shame Boy posted:wait doesn't everyone else have a hydrofluoric acid bath at home ever since I installed my hot HF tub, my windows are all foggy and my bones keep breaking while walking.
|
# ? Jan 8, 2021 22:33 |
|
|
# ? Jan 8, 2021 22:33 |
|
ate poo poo on live tv posted:Seems like its not really a big security concern since 2fa devices can be very easily de-associated to any account that uses them. So as long as the user reports their 2fa key lost it can be dealt with in a reasonable amount of time. Now if they find a way to extract a 2fa soft-key via malicious link, then we will see some interesting attacks. If you have a stolen 2fa key that you can keep stolen, you don't need to clone anything - you just use it. The threat model is you steal their key on Friday, clone it, then return it before Monday so they don't notice it was ever missing.
|
# ? Jan 9, 2021 02:33 |
|
Jabor posted:The threat model is you steal their key on Friday, clone it, then return it before Monday so they don't notice it was ever missing. after re-potting the IC and perfectly re-creating the case you cut/melted off to get to it this really does seem more like a mossad tier attack than something normal people have to care about
|
# ? Jan 9, 2021 03:46 |
|
you keep the one you ruined and give them the clone that’s in good condition, since you already have the info you want.
|
# ? Jan 9, 2021 03:55 |
|
Jim Silly-Balls posted:you keep the one you ruined and give them the clone that’s in good condition, since you already have the info you want. You cannot replicate the greasy cheeto stains though, those are like a thumbprint I can use to identify mine for this specific possibility
|
# ? Jan 9, 2021 04:55 |
|
Jabor posted:If you have a stolen 2fa key that you can keep stolen, you don't need to clone anything - you just use it. Jim Silly-Balls posted:you keep the one you ruined and give them the clone thats in good condition, since you already have the info you want. Yea that's true.
|
# ? Jan 9, 2021 05:04 |
|
Volmarias posted:You cannot replicate the greasy cheeto stains though, those are like a thumbprint I can use to identify mine for this specific possibility that’s why they say this vulnerability is so hard to replicate. there are maybe what, two or three master Cheetomen in the world? their services don’t come cheap
|
# ? Jan 9, 2021 05:44 |
|
https://twitter.com/thezedwards/status/1347756804210479104?s=20 https://twitter.com/alexblagg/status/1347771677011103745?s=20
|
# ? Jan 9, 2021 07:16 |
|
crepeface posted:https://twitter.com/thezedwards/status/1347756804210479104?s=20 You have no idea how much I needed both of these
|
# ? Jan 9, 2021 07:33 |
|
so who wants to set up a robodialer on a sip trunk with some fresh DIDs from throughout the US and pretend to be Q
|
# ? Jan 9, 2021 07:40 |
|
Volmarias posted:You have no idea how much I needed both of these related: https://twitter.com/thegrugq/status/1347593973368410112?s=20
|
# ? Jan 9, 2021 08:47 |
|
|
# ? Jan 9, 2021 10:39 |
|
can’t wait till they claim antifa tricked them into posting the evidence
|
# ? Jan 9, 2021 11:10 |
|
that’s probably true though
|
# ? Jan 9, 2021 11:26 |
|
they'll blab about everything the instant they're alone in the room with a cop that claims to be sympathetic 99% of the time nothing will happen because it's not an interrogation, the cop just actually is sympathetic to white nationalist ideology
|
# ? Jan 9, 2021 11:30 |
|
crepeface posted:https://twitter.com/thezedwards/status/1347756804210479104?s=20
|
# ? Jan 9, 2021 15:38 |
|
Jabor posted:they'll blab about everything the instant they're alone in the room with a cop that claims to be sympathetic reid's nine goose steps
|
# ? Jan 9, 2021 16:05 |
|
https://twitter.com/alexblagg/status/1347782726858928129?s=21
|
# ? Jan 9, 2021 16:18 |
|
wow the fbi is getting good at deep cover ops
|
# ? Jan 9, 2021 16:21 |
|
i literally just posted that above???
|
# ? Jan 9, 2021 16:25 |
|
crepeface posted:i literally just posted that above??? sorry, was just posting a tweet with the screen shot included
|
# ? Jan 9, 2021 16:43 |
|
|
# ? Apr 24, 2024 22:28 |
|
are we sure that's parler with malware from a third party, and not just the official parler
|
# ? Jan 9, 2021 17:05 |