[Security-discuss] [Architecture] YubiNews: Google Releases Support for FIDO U2F Powered YubiKeys

Steve Lee steve at opendirective.com
Thu Oct 23 17:31:03 EDT 2014


Id be intetesyed in seeing the windows listener diagnostic window output.
You should be able to cut n paste it.

Steve

Autocomplete may have messed with my text
On 23 Oct 2014 18:32, "Gregg Vanderheiden" <gv at trace.wisc.edu> wrote:

> actually, to be more accurate.   Our USB Programming App   says
> “unsupported Type”
>
> and our listener detects it.
>
> So it is detected and "somewhat readable”  but it is ‘indecipherable’
>  I guess you would say.
>
> All I have.  I gave samples to Steve and Colin and maybe Kasper - so they
> might have more.
>
> *gregg*
> --------------------------------------------------------
> Gregg Vanderheiden Ph.D.
> Director Trace R&D Center
> Professor Industrial & Systems Engineering
> and Biomedical Engineering University of Wisconsin-Madison
> Co-Director, Raising the Floor - International -
> http://Raisingthefloor.org
> and the Global Public Inclusive Infrastructure Project -  http://GPII.net
>
> On Oct 23, 2014, at 11:12 AM, Tony Atkins <tony at raisingthefloor.org>
> wrote:
>
> Ah, great, the NFC support wasn't clear from the product description.  Is
> there a particular model needed for that?
>
> Cheers,
>
>
> Tony
>
> On Thu, Oct 23, 2014 at 5:49 PM, Gregg Vanderheiden <gv at trace.wisc.edu>
> wrote:
>
>> FYI
>>
>> we have talked with YubiKey  - and they have sent us sample YubiKeys to
>> test  (they were distributed to key Arch members - no pun intended)
>>
>> they are based on open standards  (and their keys are both USB and NFC
>> enabled)
>>
>> *gregg*
>> --------------------------------------------------------
>> Gregg Vanderheiden Ph.D.
>> Director Trace R&D Center
>> Professor Industrial & Systems Engineering
>> and Biomedical Engineering University of Wisconsin-Madison
>> Co-Director, Raising the Floor - International -
>> http://Raisingthefloor.org <http://raisingthefloor.org/>
>> and the Global Public Inclusive Infrastructure Project -  http://GPII.net
>> <http://gpii.net/>
>>
>> On Oct 23, 2014, at 3:33 AM, Tony Atkins <tony at raisingthefloor.org>
>> wrote:
>>
>> Hi, All:
>>
>> Yubikey obviously realized that many people would be concerned and
>> published an article regarding BadUSB:
>>
>> https://www.yubico.com/2014/08/yubikey-badusb/
>>
>> In short, they are not an attack vector, as their firmware cannot be
>> rewritten.  However, given that there are definitely other devices that can
>> take advantage of the vulnerability, I would assume that lab maintainers
>> might still hesitate to allow users to use a USB port at all.
>>
>> Cheers,
>>
>>
>> Tony
>>
>> On Thu, Oct 23, 2014 at 10:24 AM, Tony Atkins <tony at raisingthefloor.org>
>> wrote:
>>
>>> Hi, Gregg:
>>>
>>> Thanks for sharing the link.  This sounds like the kind of thing that
>>> should be supported if it gains traction, but is not something we can
>>> exclusively rely on, as it does not work at all for mobile. RFID and NFC
>>> are a much better choice there.
>>>
>>> I'm also wondering how much lab maintainers are concerned about "bad
>>> USB":
>>>
>>> https://srlabs.de/badusb/
>>> https://www.youtube.com/watch?v=nuruzFqMgIw
>>>
>>> If this gains traction in the wild, I would not be surprised if public
>>> stations (one of our key use cases) limit access to USB ports to their
>>> users until there are stronger safeguards.  Again, having a trusted NFC
>>> reader installed by the lab owner is a better option here than allowing
>>> arbitrary USB devices.
>>>
>>> For wider adoption, given that nearly all computers do not come with NFC
>>> or RFID readers, cheap and easy to use USB devices that we can build on top
>>> of are worth considering, especially since they already have a node module
>>> to handle the authentication:
>>>
>>> https://www.npmjs.org/package/yub
>>>
>>> Has anyone purchased one of these to try out?  They're around the same
>>> price as a low-end NFC ring, so it's not unreasonable to just get one and
>>> do a bit of research.
>>>
>>> Cheers,
>>>
>>>
>>> Tony
>>>
>>> On Wed, Oct 22, 2014 at 6:36 AM, Gregg Vanderheiden <gv at trace.wisc.edu>
>>> wrote:
>>>
>>>>
>>>>
>>>> *gregg*
>>>> --------------------------------------------------------
>>>> Gregg Vanderheiden Ph.D.
>>>> Director Trace R&D Center
>>>> Professor Industrial & Systems Engineering
>>>> and Biomedical Engineering University of Wisconsin-Madison
>>>> Co-Director, Raising the Floor - International -
>>>> http://Raisingthefloor.org <http://raisingthefloor.org/>
>>>> and the Global Public Inclusive Infrastructure Project -
>>>> http://GPII.net <http://gpii.net/>
>>>>
>>>> Begin forwarded message:
>>>>
>>>> *Subject: **YubiNews: Google Releases Support for FIDO U2F Powered
>>>> YubiKeys*
>>>> *From: *Yubico <newsletter at yubico.com>
>>>> *Reply-To: *Yubico <newsletter at yubico.com>
>>>> *To: * <gv at trace.wisc.edu>
>>>> *Date: *October 21, 2014 at 8:11:08 AM CDT
>>>>
>>>> Google Releases Support for FIDO U2F Powered YubiKeysView this email
>>>> in your browser
>>>> <http://us4.campaign-archive1.com/?u=f089f8c003910ccc8b7308b56&id=4f9b1d479d&e=1e2e553ee9>Google
>>>> Releases Support for FIDO U2F Powered YubiKeys
>>>>
>>>> YubiFriends,
>>>>
>>>> Today is a good day for the Internet.
>>>>
>>>> Now you can get your online Security Key at Amazon. A key that you own
>>>> and control and that allows you to instantly and securely login to Google
>>>> Accounts - and any number of service providers who choose to adopt FIDO
>>>> Universal 2nd Factor authentication.
>>>> As a driving contributor of FIDO U2F specifications, Yubico celebrates
>>>> this event by releasing a new bright blue and U2F-only version of our
>>>> YubiKey.
>>>>
>>>> More from our CEO & Founder, Stina Ehrensvard
>>>> <http://yubico.us4.list-manage.com/track/click?u=f089f8c003910ccc8b7308b56&id=d00c32040b&e=1e2e553ee9>*Copyright
>>>> © 2014 Yubico, All rights reserved.*
>>>> You're receiving this email because you opted in at our website or
>>>> during a purchase on our web store. If you wish to unsubscribe or update
>>>> your subscription preferences, just click on the links below.
>>>>
>>>> unsubscribe from this list
>>>> <http://yubico.us4.list-manage1.com/unsubscribe?u=f089f8c003910ccc8b7308b56&id=1583d0035b&e=1e2e553ee9&c=4f9b1d479d>
>>>>     update subscription preferences
>>>> <http://yubico.us4.list-manage1.com/profile?u=f089f8c003910ccc8b7308b56&id=1583d0035b&e=1e2e553ee9>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture at lists.gpii.net
>>>> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture at lists.gpii.net
>> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>>
>>
>>
> _______________________________________________
> Architecture mailing list
> Architecture at lists.gpii.net
> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>
>
>
> _______________________________________________
> Architecture mailing list
> Architecture at lists.gpii.net
> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gpii.net/pipermail/security-discuss/attachments/20141023/c44fe3b4/attachment-0001.html>


More information about the Security-discuss mailing list