Some necessary caveats: This kind of attack can only be pulled off in relatively narrow circumstances by a dedicated attacker. Segal said the user would need to have installed a malicious browser extension or be in transit and use public Wi-Fi where their traffic could be intercepted and decrypted through a MITM attack.
Well, okay. Maybe there's something new here, but despite the many paragraphs of exposition, this sounds like exactly the sort of cookie stealing attack that's been possible for decades.
Is the big breakthrough here that somebody realized FIDO doesn't change that? Like, uh, no kidding? What's new?
Well, okay. Maybe there's something new here, but despite the many paragraphs of exposition, this sounds like exactly the sort of cookie stealing attack that's been possible for decades.
Is the big breakthrough here that somebody realized FIDO doesn't change that? Like, uh, no kidding? What's new?