[Security-discuss] [Architecture] Fwd: YubiNews: Google Releases Support for FIDO U2F Powered YubiKeys
tony at raisingthefloor.org
Thu Oct 23 04:33:22 EDT 2014
Yubikey obviously realized that many people would be concerned and
published an article regarding BadUSB:
In short, they are not an attack vector, as their firmware cannot be
rewritten. However, given that there are definitely other devices that can
take advantage of the vulnerability, I would assume that lab maintainers
might still hesitate to allow users to use a USB port at all.
On Thu, Oct 23, 2014 at 10:24 AM, Tony Atkins <tony at raisingthefloor.org>
> Hi, Gregg:
> Thanks for sharing the link. This sounds like the kind of thing that
> should be supported if it gains traction, but is not something we can
> exclusively rely on, as it does not work at all for mobile. RFID and NFC
> are a much better choice there.
> I'm also wondering how much lab maintainers are concerned about "bad USB":
> If this gains traction in the wild, I would not be surprised if public
> stations (one of our key use cases) limit access to USB ports to their
> users until there are stronger safeguards. Again, having a trusted NFC
> reader installed by the lab owner is a better option here than allowing
> arbitrary USB devices.
> For wider adoption, given that nearly all computers do not come with NFC
> or RFID readers, cheap and easy to use USB devices that we can build on top
> of are worth considering, especially since they already have a node module
> to handle the authentication:
> Has anyone purchased one of these to try out? They're around the same
> price as a low-end NFC ring, so it's not unreasonable to just get one and
> do a bit of research.
> On Wed, Oct 22, 2014 at 6:36 AM, Gregg Vanderheiden <gv at trace.wisc.edu>
>> Gregg Vanderheiden Ph.D.
>> Director Trace R&D Center
>> Professor Industrial & Systems Engineering
>> and Biomedical Engineering University of Wisconsin-Madison
>> Co-Director, Raising the Floor - International -
>> and the Global Public Inclusive Infrastructure Project - http://GPII.net
>> Begin forwarded message:
>> *Subject: **YubiNews: Google Releases Support for FIDO U2F Powered
>> *From: *Yubico <newsletter at yubico.com>
>> *Reply-To: *Yubico <newsletter at yubico.com>
>> *To: * <gv at trace.wisc.edu>
>> *Date: *October 21, 2014 at 8:11:08 AM CDT
>> Google Releases Support for FIDO U2F Powered YubiKeysView this email in
>> your browser
>> Releases Support for FIDO U2F Powered YubiKeys
>> Today is a good day for the Internet.
>> Now you can get your online Security Key at Amazon. A key that you own
>> and control and that allows you to instantly and securely login to Google
>> Accounts - and any number of service providers who choose to adopt FIDO
>> Universal 2nd Factor authentication.
>> As a driving contributor of FIDO U2F specifications, Yubico celebrates
>> this event by releasing a new bright blue and U2F-only version of our
>> More from our CEO & Founder, Stina Ehrensvard
>> © 2014 Yubico, All rights reserved.*
>> You're receiving this email because you opted in at our website or during
>> a purchase on our web store. If you wish to unsubscribe or update your
>> subscription preferences, just click on the links below.
>> unsubscribe from this list
>> update subscription preferences
>> Architecture mailing list
>> Architecture at lists.gpii.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Security-discuss