Still, the net effect is unlikely to be a push for usb lock. As long as attackers can reprogram USB firmware, attacks like this will be a serious threat. The only way to fix the vulnerability is a new layer of security around firmware, but that would mean a full update to the USB standard itself, which mean years of insecurity. However the industry responds, we’re likely to be living with it for a long, long time.
During the registration process, the key pairs are generated on the device (secure element) but the key pairs are not stored on the YubiKeys. Instead, the key pair (public key and encrypted private protect usb key) are stored by each relying party/service that initiated the registration. Therefore, this approach allows for an unlimited number of services to be associated with the U2F-certified YubiKeys.
Keyboard-spoofing HID attacks and especially basic social engineering attacks tricking users into opening files on a newly-found USB stick, however, are much more likely, which means it is essential that you educate your workers about the risks and urge them to hand lost property in rather than attempting to identify a device’s owner themselves. usb security I think you somehow miss the point because your SOP101 if you ask a journalist to do it (e.g. Glenn Greenwald), he might simply scratch his head yet again. Let alone hardware and software customizations (out of question) for Glenn Greenwald. Note that thecer extension is what tells UEFI that the file contains an x509 key, so you must use it.