exploited Posted July 11, 2012 Posted July 11, 2012 Hi all, My question is about the Yubikey and cross site scripting. Will it stop an attacker from hijacking a session? Thanks in advance, Exploited Quote
digininja Posted July 11, 2012 Posted July 11, 2012 No. XSS is an attack where you can run code in a victims browser, a yubikey is a device to add a second factor to authentication. They are two different technologies. A yubikey can help protect against cross site request forgery which can be an extension to XSS but then so can a standard password. Quote
exploited Posted July 11, 2012 Author Posted July 11, 2012 No. XSS is an attack where you can run code in a victims browser, a yubikey is a device to add a second factor to authentication. They are two different technologies. A yubikey can help protect against cross site request forgery which can be an extension to XSS but then so can a standard password. Ahhh, this is good information and makes great sense. I suppose my attackers in the past were using key loggers AND maybe xss at times. I just purchased 10 of these keys and feel that they were a wise buy. Even though they offer another layer of security, they also make logging in with two factor authentication much easier. Thanks for the reply. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.