Yubico has apologized to a security researcher who had complained the dongle peddler lifted his work to nab a $5,000 Google bug bounty.
Over the weekend, Marcus Vervier described how he and fellow infosec bod Michele Orru discovered flaws that could be exploited by miscreants to steal people's two-factor authentication codes.
I tried to order my thoughts and the events of the crazy last two days of WebUSB vulnerabilities, actions of @Yubico, and disclosure madness in a blogpost:https://t.co/w1iX212bPC— Markus Vervier (@marver) June 16, 2018
Yubico update to WebUSB advisory and statement https://t.co/6ZDehnbRcF— Yubico (@Yubico) June 18, 2018
Even if there's another side to the story, this is not a good look for Yubico https://t.co/NLF551Y1QV— Ryan Naraine (@ryanaraine) June 16, 2018
0 Comments