Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users
Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users
Security, Spoken · SpokenLayer
March 2, 20189m 27s
Audio is streamed directly from the publisher (dovetail.prxu.org) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
There's no better way to protect yourself from the universal scourge of phishing attacks than with a hardware token like a Yubikey, which stymies attackers even if you accidentally hand them your username and password. But while Yubikey manufacturer Yubico describes its product as "unphishable," a pair of researchers has proven the company wrong, with a technique that allows clever phishers to sidestep even Yubico's last bastion of login protection.
Learn about your ad choices: dovetail.prx.org/ad-choices