AdamStas.com - Home of Adam Stasiniewicz https://www.adamstas.com/ Home of Adam Stasiniewicz Hugo -- gohugo.ioen-usTue, 11 Nov 2025 21:20:15 +0000 Please Use DNSSEC https://www.adamstas.com/please-use-dnssec/ Tue, 11 Nov 2025 21:20:15 +0000 Adam Stasiniewicz https://www.adamstas.com/please-use-dnssec/ The other day I was reading about yet another DNS vulnerability. Vulnerabilities in DNS have been well known since 2008, and since 2010 we’ve had an excellent solution, DNSSEC. DNSSEC addresses many of the most common DNS vulnerabilities on the internet today (including this most recent vulnerability). For most, setup is very simple. Unfortunately, DNSSEC is an opt-in technology. So, it’s a good time to remind all my Internet friends that today’s a good day to double-check if you have DNSSEC enabled, and if you don’t, to make plans to enable it.

]]> Infineon / YubiKey Cloning Vulnerability https://www.adamstas.com/infineon-yubikey-cloning-vulnerability/ Tue, 03 Sep 2024 21:25:21 -0700 Adam Stasiniewicz https://www.adamstas.com/infineon-yubikey-cloning-vulnerability/ Original Ars Technica Story

This is, unfortunately, a big deal. Not just for the users of YubiKeys, but also for anything using Infineon crypto chips. Infineon makes the crypto chips in a ton of devices, including TPMs, smart cards, passports, credit cards, and SIM cards. I suspect there will be more fallout from this, as additional devices are found to be using the same cryptographic library.

There are two important mitigations:

]]> Passkey Redaction and the Impact to Organizations https://www.adamstas.com/passkey-redaction-and-the-impact-to-organizations/ Sun, 14 Jul 2024 21:07:55 -0700 Adam Stasiniewicz https://www.adamstas.com/passkey-redaction-and-the-impact-to-organizations/ Recently, eSentire published some interesting research on successfully phishing users even when they’ve configured phishing resistant MFA (like a FIDO2 Passkey or a smart card). For organizations deploying Phishing Resistant MFA (PR-MFA), like a FIDO2 Passkey, be it for internal user authentication or customer logon, there are some important takeaways.

]]> Where to Find My Old Content https://www.adamstas.com/where-to-find-my-old-content/ Thu, 21 Dec 2023 17:09:37 +0000 Adam Stasiniewicz https://www.adamstas.com/where-to-find-my-old-content/ Much of my public work has disapeared into the depths of the internet, but I found a few things still lurking around.

]]> Thoughts on the EU's QWAC Proposal https://www.adamstas.com/thoughts-on-the-eu-qwac-proposal/ Tue, 28 Nov 2023 17:34:10 +0000 Adam Stasiniewicz https://www.adamstas.com/thoughts-on-the-eu-qwac-proposal/ I was recently listening to Security Now!’s coverage of the EU’s QWAC proposal. There’s much debate regarding the EU’s role in the global PKI ecosystem, when it dawned on me there’s a far simpler solution that should (hopefully) address everyone’s concerns.

]]> Canceling LastPass https://www.adamstas.com/canceling-lastpass/ Sat, 24 Dec 2022 17:25:58 +0000 Adam Stasiniewicz https://www.adamstas.com/canceling-lastpass/ 12 years ago I started paying for LastPass Premium. Today, I canceled my subscription, migrated my data to a different service, and deleted my account.

]]>