24
you are viewing a single comment's thread
view the rest of the comments
[-] tedu@azorius.net 11 points 6 months ago

Some necessary caveats: This kind of attack can only be pulled off in relatively narrow circumstances by a dedicated attacker. Segal said the user would need to have installed a malicious browser extension or be in transit and use public Wi-Fi where their traffic could be intercepted and decrypted through a MITM attack.

Well, okay. Maybe there's something new here, but despite the many paragraphs of exposition, this sounds like exactly the sort of cookie stealing attack that's been possible for decades.

Is the big breakthrough here that somebody realized FIDO doesn't change that? Like, uh, no kidding? What's new?

[-] jax@lemmy.cloudhub.social 4 points 6 months ago

Yeah, this seems like old news - cookies can be stolen, and FIDO doesn't change that unless you are prompting the hardware token for validation with every request (which isn't feasible for most things, though might be a good idea for sensitive actions).

this post was submitted on 07 May 2024
24 points (100.0% liked)

Cybersecurity

5689 readers
59 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS