As Robin Wilton discussed a few days ago in Roca: Encryption Vulnerability and What to do About It, yet another security vulnerability has been discovered. If you have one of the ISOC-branded Yubikey 4s that we have given out at some conferences, they were affected by the recently disclosed Infineon vulnerability. See these two links for details:
- https://www.yubico.com/2017/10/infineon-rsa-key-generation-issue/
- https://www.yubico.com/support/security-advisories/ysa-2017-01/
This issue impacts only some limited uses of the keys. For details, see
https://www.yubico.com/keycheck/functionality_assessment.
You can get your ISOC-branded Yubikey 4 replaced at no cost to you by going to this page and following the instructions.
If you have questions or concerns, please contact Steve Olshansky, Internet Technology Program Manager, at <[email protected]>.