all InfoSec news
Attack vectors on Yubikeys?
May 9, 2023, 4:56 p.m. | /u/madGeneralist
cybersecurity www.reddit.com
My understanding is that Yubikeys have credentials bound to the URL of registration, meaning a phishing site would not be able to pull credentials if the user is tricked.
Now I’m wondering, is there a way to “trick” the yubikey into thinking your website is the actually one tied to the account? (Dunno, DNS spoofing/poisoning?)
What happens if it gets stolen? (I know if you have them …
attack attack vectors credentials cybersecurity hacked phishing registration thinking understanding url yubikey
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Senior Security Architect - Northwest region (Remote)
@ GuidePoint Security LLC | Remote
Senior Consultant, Cyber Security Architecture
@ 6point6 | Manchester, United Kingdom
Junior Security Architect
@ IQ-EQ | Port Louis, Mauritius
Senior Detection & Response Engineer
@ Expel | Remote
Cyber Security Systems Engineer ISSE Splunk
@ SAP | Southbank (Melbourne), VIC, AU, 3006