shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

267
active users

#yubikeys

0 posts0 participants0 posts today
DoesSec 🔐 🪪 ☕ :verified_paw:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@tychotithonus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tychotithonus</span></a></span></p><p>It would be great if Yubico made all models available to more than just 500+ companies through their enterprise service like the multi-protocol-bio or this announced version.</p><p>The enhanced YubiKey 5 NFC and YubiKey 5C NFC will offer:<br>- PIN complexity turned on<br>- A minimum PIN length set to 6 characters<br>- alwaysUV (always user verify) turned on<br>- Standard "off-the-shelf" product availability<br>- Unique FIDO AAGUIDs to allow policy enforcement</p><p>This enhanced version will be available exclusively through **YubiKey as a Service** and will be available in July.</p><p><a href="https://infosec.exchange/tags/Yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikeys</span></a> are well on the way to becoming a collector's item ...</p>
David Nelson<p>People who use hardware security keys: Storing them in geographically diverse locations is a wise move but makes it impossible to quickly onboard. How do you keep track of where you’ve registered each key? A checklist in a spreadsheet is obvious but cumbersome. Is there a better way? (Yes I use passkeys extensively but for certain services like email, iCloud, and my password manager, a hardware option is desirable if not mandatory.) <a href="https://mastodon.social/tags/YubiKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKey</span></a> <a href="https://mastodon.social/tags/YubiKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKeys</span></a> <a href="https://mastodon.social/tags/FIDO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO</span></a> <a href="https://mastodon.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> <a href="https://mastodon.social/tags/FIDOKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDOKey</span></a> <a href="https://mastodon.social/tags/FIDOKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDOKeys</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a></p>
Colan Schwartz<p>This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?</p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</span></a></p><p><a href="https://mastodon.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a> <a href="https://mastodon.social/tags/sidechannel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sidechannel</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikeys</span></a> <a href="https://mastodon.social/tags/hardwaretokens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardwaretokens</span></a> <a href="https://mastodon.social/tags/hardwaretoken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardwaretoken</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a></p>
Marcus "MajorLinux" Summers<p>This is the last thing we need right now!</p><p>YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel </p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</span></a></p><p><a href="https://toot.majorshouse.com/tags/YubiKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKeys</span></a> <a href="https://toot.majorshouse.com/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://toot.majorshouse.com/tags/Cloning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloning</span></a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://toot.majorshouse.com/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://toot.majorshouse.com/tags/Hardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hardware</span></a> <a href="https://toot.majorshouse.com/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>
:rebel:<p>here's a taste of a blog post i'm going to publish soon, trying to bring about some simplification and understanding around passkeys compared to YubiKeys</p><p><a href="https://disobey.net/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a> <a href="https://disobey.net/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://disobey.net/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webauthn</span></a> <a href="https://disobey.net/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> <a href="https://disobey.net/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://disobey.net/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://disobey.net/tags/yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikeys</span></a> <a href="https://disobey.net/tags/passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordless</span></a> <a href="https://disobey.net/tags/auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>auth</span></a> <a href="https://disobey.net/tags/authenticaation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authenticaation</span></a> <a href="https://disobey.net/tags/okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>okta</span></a> <a href="https://disobey.net/tags/identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identity</span></a> <a href="https://disobey.net/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://disobey.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Teri Radichel<p>How to Get Around a Google Hardware Security Key Bug <br>~~<br>Having problems using <a href="https://infosec.exchange/tags/Yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikeys</span></a> as result second factor (or at all) in a new <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> Workspace since Google added passwordless in beta. I hope this is fixed soon or I figure out what I’m doing wrong.<br><a href="https://medium.com/cloud-security/how-to-get-around-a-google-hardware-security-key-bug-ed6ae75d01c8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/cloud-security/how-</span><span class="invisible">to-get-around-a-google-hardware-security-key-bug-ed6ae75d01c8</span></a></p>
Jeff Moss<p>Just want to give a positive shout out to <a href="https://defcon.social/tags/Putty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Putty</span></a> CAC SSH, the fork of Putty that gives you smart card support and works with <a href="https://defcon.social/tags/YubiKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKeys</span></a>. Good stuff!</p><p><a href="https://github.com/NoMoreFood/putty-cac" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/NoMoreFood/putty-ca</span><span class="invisible">c</span></a></p>
throAU<p>so, question for the security peeps - #365 break glass account: <a href="https://ioc.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> or not? My gut feeling is to secure with multiple <a href="https://ioc.exchange/tags/Yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubikeys</span></a>, held by senior management but have seen info online suggesting that MFA is disabled and just rely on a secure password and obscure login name. Thoughts?</p>