Does anyone have any idea how the hardware key part worked? I was under the impression my yubikey would only send a key for a specific URL so there would be no way to just forward the key to actual github because it would be for the wrong domain.
some details on this breach: https://blog.gitguardian.com/dropbox-breach-hack-github-circ...
Should we expect a source code dump soon?
Does anyone have any idea how the hardware key part worked? I was under the impression my yubikey would only send a key for a specific URL so there would be no way to just forward the key to actual github because it would be for the wrong domain.