Are you sure this isn’t a scam?
Reading the article I think most people don’t need to worry about upgrading because of this flaw; this would be a very targeted attack. And I can understand not letting the firmware upgrade; I’m pretty sure I’ve seen examples of nation-state hacks for phones that involve attackers installing an “upgraded firmware” that disables security protections to access otherwise secured info. But yeah, cost is definitely a risk with this design.
It doesn’t affect their newest keys, but you can’t upgrade an older key to fix it:
“All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable. Updating key firmware on the YubiKey isn’t possible. That leaves all affected YubiKeys permanently vulnerable.”
It seems to be largely the same attack that succeeded against Google’s Titan keys a few years ago, according to the article.
In fact reading through the article it sounds like they would need to use it to extract the secret. I guess the end goal for this would be to maintain surreptitious access to something after returning the key to the target, either to build a criminal case or for espionage purposes.
Given that the vulnerability may also apply to other secure access card/devices I suppose it could also be used if a nation-state wanted to use an impostor to access secure facilities.
Is it still illegal in Edmonton somehow even though it was legalized in Canada nationally?
Question I’ve been meaning to ask: if I start with cloud can I move to self-hosted later? I’ve seen this before and it feels like a product I could make good use of, especially for getting tabs closed.
I still replay both every few years; finished Portal 2’s co-op with the kiddo earlier this year.
Offhand I can only think of one movie (and sequels) where “didn’t read the book” made the movie significantly better: The Bourne Identity. Those books really were awful!
I haven’t done any programming in over 20 years, but I think I can make a contribution to projects by trying to improve documentation, once I start using some projects.
I’ve seen multiple markdown standards; which one did you implement?
Is that Willem Dafoe on the right?
I remember when Firefox was brand new over 20 years ago and one of the reasons for creating it was the main Mozilla browser had too much feature bloat so it was stripped down to just a browser and if you wanted more features you could add them in as extensions, putting just what you wanted in the browser and leaving out what you didn’t. It was great! Eventually Firefox became more popular so Mozilla switched their efforts to it and they’ve been jamming more things that used to be extensions in as features and bloating it full of features I don’t want. It’s one of the reasons I started using Chrome in the early days of Chrome but then of course that and Google started getting worse so I switched back to Firefox, but it still has its problems.
You’re right, I haven’t seen that in a while. The about page for the community has a link to the bot’s source code on GitHub, but it’s giving me a 404 error.
Yes, I just didn’t realize that auto-renew doesn’t work with PayPal on NameCheap and had lazily set it up with PayPal when I got it because I didn’t want to go get my wallet. Lesson learned!
I had this happen with NameCheap. I’m not sure if they bought it or someone else, but it stayed registered with them. Whoever bought it has held it for a couple years, put up a fake website to look like they were using it, but took it down after a year when I didn’t bite on buying it. Current status shows it’s pending deletion finally for abuse or non-payment. I keep checking to see when I can nab it again.
In one sense there was some level of tracking, just not to the extent there is today. Fairly early on they stopped just throwing up billboards and hoping the right people would see them. They generally weren’t putting billboards for luxury cars up in the slums. Advertisers would try to place ads in the neighborhoods of their targeted socioeconomic demographic. Media companies started funding surveys to learn who their readers or viewers or listeners were. If you’re an American you may have heard of the Nielsen ratings for TV or less likely the Arbitron ratings for radio. Those companies would use statistical sampling to send journals to households in a market and over the period of a week or several weeks ask the household to record every TV show they watched or every radio station they listened to. They would also ask what age each person was, gender, how much money did they earn, what level of education had they completed, etc. With enough responses the companies could say, “okay, only 10% of the people in this market were watching this show, but 60% of the men between the age of 35-54 who were watching TV at that time were watching this show.” If an advertiser wanted that demographic, that’s the show they would pick. Newspapers would even change the fliers they would put in the newspaper depending on what part of the city they were going to. Discount stores for the poor neighborhoods, jewelers for the rich.
Of course, unless you were filling out the survey journal or had the reporting box on your TV, they weren’t tracking you directly. But you were being targeted based on your neighbors who had responded and more public demographic data about your age and likely income. This started surprisingly early on, because most business owners couldn’t afford to do a lot of slapping something up and hoping they’d get new business; they wanted to have some reason to be confident they’d see a return on their investment. It wasn’t anywhere near as invasive as what online tracking has become today, but that’s what advertisers have long wanted.
I remember a really smart, very nerdy family friend telling us about Linux around 1997/98 and this was the experience he described. It sounded interesting but also like a crazy amount of work.
I haven’t seen one of these in a long time.