This is all I know (actually, not even this much).
Comments
Of course, if it were Apple you wouldn't be writing that there's nothing to worry about; you'd be opening a new flame topic about it every day :D:D
Still, this isn't a simple "plug it in and copy it" story:
- The adversary steals the login and password of a victim’s application account protected with FIDO (e.g., via a phishing attack).
- The adversary gets physical access to the victim’s device during a limited time frame without the victim noticing.
- Thanks to the stolen victim’s login and password (for a given application account), the adversary sends the authentication request to the device as many times as is necessary while performing side-channel measurements.
- The adversary quietly gives back the FIDO device to the victim.
- The adversary performs a side-channel attack over the measurements and succeeds in extracting the ECDSA private key linked to the victim’s application account.
- The adversary can sign in to the victim’s application account without the FIDO device and without the victim noticing. In other words, the adversary created a clone of the FIDO device for the victim’s application account. This clone will give access to the application account as long as the legitimate user does not revoke its authentication credentials.
The list, however, omits a key step, which is tearing down the YubiKey and exposing the logic board housed inside. This likely would be done by using a hot air gun and a scalpel to remove the plastic key casing and expose the part of the logic board that acts as a secure element storing the cryptographic secrets. From there, the attacker would connect the chip to hardware and software that take measurements as the key is being used to authenticate an existing account. Once the measurement-taking is finished, the attacker would seal the chip in a new casing and return it to the victim.
If your wife is presumably an international spy, don't leave her alone around your desk anyway :)
Fix v1:
s/presumably //
Fix v2:
s/presumably an international spy//
If only. We live too modestly for that.
Because she's a pro.
"The adversary can sign in to the victim’s application account without the FIDO device and without the victim noticing"
Though this too is entirely application-dependent. Even if someone logs in with a token, I still get a notification about it.
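The quoted scenario ends with a clone of the FIDO device that the relying party cannot tell apart from the original, and the last comment notes that noticing such logins is up to the application. One application-side signal is the WebAuthn signature counter: a genuine authenticator increments it on every assertion, so a clone sharing the same key will eventually present a value that does not advance. The check below is an added example written for this thread, not code from the NinjaLab paper or from any FIDO library; the relying-party id, credential record and counter sequence are constructed, and signature verification over the assertion is assumed to happen elsewhere.

```python
import hashlib
import struct
from dataclasses import dataclass

RP_ID = "example.com"  # constructed relying-party id for this example


@dataclass
class StoredCredential:
    credential_id: bytes
    sign_count: int  # last signCount accepted from this authenticator


def parse_authenticator_data(auth_data: bytes):
    """Split the WebAuthn authenticatorData prefix: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return rp_id_hash, flags, sign_count


def check_assertion(cred: StoredCredential, auth_data: bytes) -> str:
    """Return 'ok', 'counter_unsupported' or 'possible_clone'; advance the stored counter only on 'ok'."""
    rp_id_hash, flags, sign_count = parse_authenticator_data(auth_data)
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash mismatch")
    if not flags & 0x01:  # UP bit: user presence (the touch) must be set
        raise ValueError("user presence flag not set")
    if sign_count == 0 and cred.sign_count == 0:
        return "counter_unsupported"  # authenticator does not implement the counter at all
    if sign_count <= cred.sign_count:
        # WebAuthn assertion verification: a counter that does not increase means
        # the private key is being used by more than one device; alert and step up.
        return "possible_clone"
    cred.sign_count = sign_count
    return "ok"


def make_auth_data(sign_count: int, flags: int = 0x01) -> bytes:
    """Build a constructed authenticatorData prefix for the simulation."""
    return hashlib.sha256(RP_ID.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def simulate() -> list:
    """Genuine key at counters 1..3, a clone replaying 2, genuine 4, clone replaying 4 (constructed)."""
    cred = StoredCredential(credential_id=b"constructed-id", sign_count=0)
    return [check_assertion(cred, make_auth_data(c)) for c in [1, 2, 3, 2, 4, 4]]
```

A flagged assertion should not be silently rejected but surfaced to the user, since the legitimate key and the clone are indistinguishable at that point and either one may be the real device.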