I posted a link to Twitter earlier on a recent discovery of the ability to clone RSA SecurID soft tokens:<\/p>\n
It (rightfully so) received some critical responses by @wh1t3rabbit & @wikidsystems since, apart from what the hypesters may say, this is a low-risk weakness.<\/p>\n
@Wh1t3Rabbit<\/a> @hrbrmstr<\/a> once you own the machine and can enumerate SIDs in AD, aren't you in? And, don't you still need the PIN?<\/p>— Nick Owen (@wikidsystems) May 22, 2012<\/a><\/blockquote><\/center><\/p>\n
Think about it. Just looking at the two most likely threat actors & actions: an insider trying to siphon off soft tokens and an external attacker using crafted malware to grab soft tokens. The former (most likely) knows your organization is using soft tokens (and probably has one herself). The latter is unlikely to just try to blanket siphon off soft tokens so they’ll have to do some research to target an organization (which costs time\/money).<\/p>\n
Once a victim (or set of victims) is identified, the cloning steps would have to be perfectly executed (and, I’m not convinced that’s a given). Let’s say that this is a given, though. Now both the insider and external agent have access to the bits to clone a token. It is<\/em> easier for the insider to get that data, but the external attacker has to exfiltrate successfully it somehow (more complexity\/time\/cost).<\/p>\n
To be useful, the attacker needs the user id, PIN and \u2013\u00a0in most implementations \u2013 a password. An insider would (most likely) know the user id (since she probably has one herself) but that data would require more time\/effort\/cost to the external attacker (think opportunistic keylogger\/screenscraper with successful exfiltration). For both attackers, getting the password requires either social engineering or the use of a keylogger. Even then, there’s a time-limit of 90 days or less (since, if you’re using soft tokens, you probably have a 90 day password policy). That shrinks the amount of time the attack can be successful.<\/p>\n
Now, both attackers need to know where this soft token can be used and<\/em> have direct access to those systems. Again, probably easier for an insider and fairly costly for an external attacker.<\/p>\n
Looking at this, there’s definitely a greater risk associated with an insider from this weakness than there is from an external party (as pointed out by the aforementioned twitter commentators). As @wikidsystems further pointed out, this also shows the inherent positives of multi-factor authentication :: you need far more component parts to execute a successful attack, making the whole thing very costly to obtain. Security economics FTW!<\/p>\n
My comment has been that if using the TPM store for Windows-based SecurID soft token implementations negates this weakness, then why not do it? Does the added deployment & management complexity really cost that much?<\/p>\n
In the end, I would categorize this weakness as a low risk to most organizations using soft tokens with a non-TPM storage configuration. Unless you know<\/em> you’re a nation-state target (my opine for the origin of the attacker) \u2013\u00a0and, even then, you’re probably using hard tokens \u2013 far too many celestial bodies need to align for this weakness to be exploited successfully.<\/p>\n
NOTE: This post was not meant to be a comprehensive risk assessment of the weakness and does not cover all attack scenarios. I left out many, including Windows desktop administrators and privileged script access. I was merely trying to do my part to counter whatever hype ensues from this weakness. Comments on those vectors or the analysis in general are most welcome.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
I posted a link to Twitter earlier on a recent discovery of the ability to clone RSA SecurID soft tokens: It (rightfully so) received some critical responses by @wh1t3rabbit & @wikidsystems since, apart from what the hypesters may say, this is a low-risk weakness. Think about it. Just looking at the two most likely threat […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-1078","post","type-post","status-publish","format-standard","hentry","category-information-security","category-risk"],"yoast_head":"\n
New SecurID Soft Token Cloning Weakness : What's The Risk? - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New SecurID Soft Token Cloning Weakness : What's The Risk? - rud.is\" \/>\n<meta property=\"og:description\" content=\"I posted a link to Twitter earlier on a recent discovery of the ability to clone RSA SecurID soft tokens: It (rightfully so) received some critical responses by @wh1t3rabbit & @wikidsystems since, apart from what the hypesters may say, this is a low-risk weakness. Think about it. Just looking at the two most likely threat […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2012-05-22T13:45:17+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"New SecurID Soft Token Cloning Weakness : What’s The Risk?\",\"datePublished\":\"2012-05-22T13:45:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/\"},\"wordCount\":581,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"articleSection\":[\"Information Security\",\"Risk\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/\",\"name\":\"New SecurID Soft Token Cloning Weakness : What's The Risk? - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"datePublished\":\"2012-05-22T13:45:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/05\\\/22\\\/new-securid-soft-token-cloning-weakness-whats-the-risk\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New SecurID Soft Token Cloning Weakness : What’s The Risk?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\""In God we trust. All others must bring data"\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New SecurID Soft Token Cloning Weakness : What's The Risk? - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/","og_locale":"en_US","og_type":"article","og_title":"New SecurID Soft Token Cloning Weakness : What's The Risk? - rud.is","og_description":"I posted a link to Twitter earlier on a recent discovery of the ability to clone RSA SecurID soft tokens: It (rightfully so) received some critical responses by @wh1t3rabbit & @wikidsystems since, apart from what the hypesters may say, this is a low-risk weakness. Think about it. Just looking at the two most likely threat […]","og_url":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/","og_site_name":"rud.is","article_published_time":"2012-05-22T13:45:17+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"New SecurID Soft Token Cloning Weakness : What’s The Risk?","datePublished":"2012-05-22T13:45:17+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/"},"wordCount":581,"commentCount":2,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"articleSection":["Information Security","Risk"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/","url":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/","name":"New SecurID Soft Token Cloning Weakness : What's The Risk? - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2012-05-22T13:45:17+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2012\/05\/22\/new-securid-soft-token-cloning-weakness-whats-the-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"New SecurID Soft Token Cloning Weakness : What’s The Risk?"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":""In God we trust. All others must bring data"","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-ho","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":24738,"url":"https:\/\/rud.is\/b\/2025\/04\/05\/a-critical-analysis-of-iceraid\/","url_meta":{"origin":1078,"position":0},"title":"A Critical Analysis of ICERAID","author":"hrbrmstr","date":"2025-04-05","format":false,"excerpt":"ICERAID (iceraid[.]us) presents itself as a \"GovFi protocol\" that purportedly delegates intelligence gathering tasks from law enforcement to citizens. According to their materials, it rewards users with cryptocurrency tokens for capturing and uploading images of alleged \"criminal illegal alien activity\" and other suspected criminal behavior to their platform. The platform\u2026","rel":"","context":"In "Cybersecurity"","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5929,"url":"https:\/\/rud.is\/b\/2017\/05\/08\/travis-ci-flaw-exposed-some-secure-environment-variable-contents\/","url_meta":{"origin":1078,"position":1},"title":"Travis-CI Flaw Exposed Some ‘Secure’ Environment Variable Contents","author":"hrbrmstr","date":"2017-05-08","format":false,"excerpt":"Tagging this as #rstats-related since many R coders use Travis-CI to automate package builds (and other things). Security researcher Ivan Vyshnevskyi did some ++gd responsible disclosure to the Travis-CI folks letting them know they were leaking the contents of \"secure\" environment variables in the build logs. The TL;DR on \"secure\"\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5954,"url":"https:\/\/rud.is\/b\/2017\/05\/16\/r%e2%81%b6-using-r-with-amazon-athena-awas-temporary-security-credentials\/","url_meta":{"origin":1078,"position":2},"title":"R\u2076 \u2014 Using R With Amazon Athena & AWS Temporary Security Credentials","author":"hrbrmstr","date":"2017-05-16","format":false,"excerpt":"Most of the examples of working with most of the AWS services show basic username & password authentication. That's all well-and-good, but many shops use the AWS Security Token Service to provide temporary credentials and session tokens to limit exposure and provide more uniform multi-factor authentication. At my workplace, Frank\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11077,"url":"https:\/\/rud.is\/b\/2018\/07\/20\/a-new-boto3-amazon-athena-client-wrapper-with-dplyr-async-query-support\/","url_meta":{"origin":1078,"position":3},"title":"A new ‘boto3’ Amazon Athena client wrapper with dplyr async query support","author":"hrbrmstr","date":"2018-07-20","format":false,"excerpt":"A previous post explored how to deal with Amazon Athena queries asynchronously. The function presented is a beast, though it is on purpose (to provide options for folks). In reality, nobody really wants to use rJava wrappers much anymore and dealing with icky Python library calls directly just feels wrong,\u2026","rel":"","context":"In "athena"","block_context":{"text":"athena","link":"https:\/\/rud.is\/b\/category\/athena\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12749,"url":"https:\/\/rud.is\/b\/2020\/05\/16\/attach-your-r-code-to-charts-you-tweet-for-reproducible-r-tweets\/","url_meta":{"origin":1078,"position":4},"title":"Attach Your R Code To Charts You Tweet For Reproducible R Tweets!","author":"hrbrmstr","date":"2020-05-16","format":false,"excerpt":"I caught this tweet by Terence Eden about using Twitter image alt-text to \"PGP sign\" tweet and my mind immediately went to \"how can I abuse this for covert communications, malicious command-and-control, and embedding R code in tweets?\". When you paste or upload an image to tweet (web interface, at\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6788,"url":"https:\/\/rud.is\/b\/2017\/10\/22\/a-call-to-tweets-blog-posts\/","url_meta":{"origin":1078,"position":5},"title":"A Call to Tweets (& Blog Posts)!","author":"hrbrmstr","date":"2017-10-22","format":false,"excerpt":"Way back in July of 2009, the first version of the twitteR package was published by Geoff Jentry in CRAN. Since then it has seen 28 updates, finally breaking the 0.x.y barrier into 1.x.y territory in March of 2013 and receiving it's last update in July of 2015. For a\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=1078"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1078\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=1078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=1078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=1078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}