Slashdot: Yubico To Replace Vulnerable YubiKey FIPS Security Keys

Yubico To Replace Vulnerable YubiKey FIPS Security Keys
Published on June 14, 2019 at 12:20AM
Yubico said today it plans to replace certain hardware security keys because of a firmware flaw that reduces the randomness of cryptographic keys generated by its devices. From a report: Affected products include models part of the YubiKey FIPS Series, a line of YubiKey authentication keys certified for use on US government networks (and others) according to the US government's Federal Information Processing Standards (FIPS). According to a Yubico security advisory published today, YubiKey FIPS Series devices that run firmware version 4.4.2 and 4.4.4 contain a bug that keeps "some predictable content" inside the device's data buffer after the power-up operation. This "predictable content" will influence the randomness of cryptographic keys generated on the device for a short period after the boot-up, until the "predictable content" is all used up, and true random data is present in the buffer. This means that for a short period after booting up YubiKey FIPS Series devices with the affected 4.4.2 and 4.4.4 versions will generate keys that can be either recovered partially, or in full, depending on the cryptographic algorithm the key is working with for a particular authentication operation.

Read more of this story at Slashdot.

Comments

Post a Comment

Popular posts from this blog

Slashdot: Apple's US iPhones Can All Be Made Outside of China If Needed

Image
Apple's US iPhones Can All Be Made Outside of China If Needed Published on June 11, 2019 at 07:30PM Apple has a backup plan if the U.S.-China trade war gets out of hand. From a report: The Cupertino, Calif.-based company's primary manufacturing partner has enough capacity to make all iPhones bound for the U.S. outside of China if necessary, according to a senior executive at Hon Hai Precision Industry Co. The Taiwanese contract manufacturer now makes most of the smartphones in the Chinese mainland. China is a crucial cog in Apple's business, the origin of most of its iPhones and iPads as well as its largest international market. But President Donald Trump has threatened Beijing with new tariffs on about $300 billion worth of Chinese goods, an act that would escalate tensions dramatically while levying a punitive tax on Apple's most profitable product. Hon Hai, known also as Foxconn, is the American giant's most important manufacturing partner. It will fully support ...
Read more

Slashdot: 7,000 Developers Report Their Top Languages: Java, JavaScript, and Python

Image
7,000 Developers Report Their Top Languages: Java, JavaScript, and Python Published on June 17, 2019 at 04:04PM "JetBrains released its State of Developer Ecosystem 2019 report, which found while Java is still the most popular primary language and JavaScript is the most used overall, Python is gaining speed," reports SD Times: The report surveyed about 7,000 developers worldwide, and revealed Python is the most studied programming language, the most loved language, and the third top primary programming language developers are using... The top use cases developers are using Python for include data analysis, web development, machine learning and writing automation scripts, according to the JetBrains report. More developers are also beginning to move over to Python 3, with 9 out of 10 developers using the current version. The JetBrains report also found while Go is still a young language, it is the most promising programming language. "Go started out with a share of 8% in 2...
Read more

Slashdot: In Stores, Secret Surveillance Tracks Your Every Move

Image
In Stores, Secret Surveillance Tracks Your Every Move Published on June 15, 2019 at 01:40AM In retail stores, Bluetooth "beacons" are watching you, using hidden technology in your phone. From a report: Imagine you are shopping in your favorite grocery store. As you approach the dairy aisle, you are sent a push notification in your phone: "10 percent off your favorite yogurt! Click here to redeem your coupon." You considered buying yogurt on your last trip to the store, but you decided against it. How did your phone know? Your smartphone was tracking you. The grocery store got your location data and paid a shadowy group of marketers to use that information to target you with ads. Recent reports have noted how companies use data gathered from cell towers, ambient Wi-Fi, and GPS. But the location data industry has a much more precise, and unobtrusive, tool: Bluetooth beacons. These beacons are small, inobtrusive electronic devices that are hidden throughout the grocery...
Read more