from Hacker News

Yubikey Security Advisory YSA-2024-03 Infineon Ecdsa Private Key Recovery

by gbrayut on 9/3/24, 4:47 PM with 5 comments

  • by jsiepkes on 9/3/24, 5:36 PM

    Well since Yubikey's can't update their firmware everything with a firmware below 5.7 is e-waste I guess?
  • by gnabgib on 9/3/24, 6:45 PM

    Discussion (51 points, 6 hours ago, 14 comments) https://news.ycombinator.com/item?id=41434500
  • by nixosbestos on 9/3/24, 6:35 PM

    I'm trying not to blow a gasket over this, but what the fuck? This makes the Yubikey a lost a couple months back a huge risk. This makes my primary and backup Yubikeys potential risks.

    They don't allow FW upgrades for dubious reasons, and they aren't issuing replacements? It's so sad that the OSS alternatives are so lacking.

    Maybe time to pickup a Precursor and start taking this all a bit more seriously.