It all was many years ago after the great depression, and similar. Then people kept voting in republicans who's life mission is to gut the SEC and all related regulation keeping them from doing things like this.
True. It is a well-known fact that braincells per capita, and technical competence and understanding rapidly increase the higher you are on the management ladder.
Malware running on your computer can engineer a situation where you would naturally press that without suspecting anything.
1. Malware logs you out of github.com
2. It waits for you to navigate to the login page
3. It initiates an SSH/signing operation requiring physical touch
4. You hit login on github.com, a 2nd FIDO operation is queued up
5. You press the yubikey button, confirming the SSH operation
6. "Nothing happens", so you press it again to log in
7. You're now logged in, and your SSH credentials have just been hijacked.
Or it could just inject itself into your shell profile, and do this the next time you ssh anywhere. You never really know what you're confirming so Yubikey's threat model implicitly depends on the host device being trustworthy.
This is why hardware wallets for crypto have a physical display to confirm the address and the amount before signing the transaction.
Not as much as when the leg broke off and you couldn't fix it, so you glue it in place and stop playing with it rather than ever tell your parents you broke it.
Between transformers, voltron, and borderline evil siblings it’s kinda of a miracle I made it from birth to now. But, hey, here we are and I love my brother… pretty sure he still stands me too.
reply