Amazon Opens Prototype 1800 SF Checkout-Free Grocery Store in Seattle
County Health Dept. Offers Free Flu Shots in Somerville
Six-time Olympic medalist slams abuser Larry Nassar in court
Facebook Changes Its News Feed; How You Can Get Your Local News
Amazon Echo Spot: 'Smart alarm clock' with Alexa comes to the UK
WiFi isn't safe: WPA2 Protocol broken by Belgian Researchers
16 October 2017, 08:38 | Dan Bryan
A WPA2 flaw means nearly all Wi-Fi connections could be ripe for hack attacks
By inundating a wireless network with authentication handshakes, Vanhoef's research shows it's possible to figure out a 128-bit WPA2 key, through sheer volume of random number collection. It was regarded as safe and largely uncrackable, dynamically generating new keys to encrypt packets.
Attention has focused on WPA2 because it has, until now, been considered secure, and is by far the most widely used protocol to secure WiFi connections.
The WPA2 hack is alarming news, but Alex Hudson, chief technical officer at Iron, advises calm.
The vulnerability was uncovered by Mathy Vanhoef, a security expert at KU Leuven University in Belgium, who said attackers could exploit weakness in the standard itself - not in any products or implementations - to read encrypted data, and inject ransomware or malware into websites using a novel technique called a key reinstallation attack (Krack). The outlined attack works on all modern WiFi networks, and if your device supports WiFi then you are likely already affected.
Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are all affected by some variant of the attacks, called KRACK. However, the attack is more hard on those platforms.
He also notes that devices that are running Android or other Linux-based OSes are particularly vulnerable.
"The minute you do that, you negate this vulnerability", Rudis said.
In total, 10 CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. In each case, the attacker can force a targeted device to re-install an already-in-use shared key, downgrading the key. The network the device is forced to connect to (the rogue network) will forward internet through it to another connection.
Reusing or recycling a nonce allows the attacker to decrypt and forge packets of information within the traffic stream, exposing user activity and data. This makes it "exceptionally trivial to manipulate and intercept traffic".
The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.
In simpler terms, hackers can intrude on your network traffic. "The data transmitted by these devices could now be exposed". Such traffic will be encrypted on its own, and can not be read by the attacker. Vanhoef manages to steal the user's Match.com password and username. Home users advised to update their WiFi compatible devices including computers and smartphones. The researchers discovered that the WPA2 protocol does not guarantee each encryption key is only used once.
Even despite the news of a WPA2 hack as outlined at the top of this article, WPA2 is still said to be the most secure protocol. Vanhoef demonstrates such an attack by completely breaking the encryption on a connection between and Android device and the British website of Match.com, which did not set up HTTPS properly. The good thing is that all of this is patchable and can be fixed.
Piqué jeered by Spain fans after Catalan vote
Puigdemont said the low turnout was partly because many people wanted to vote, but were prevented by officials from doing so. Spain's interior minister said the 5,000 extra officers deployed to Catalonia would stay as long as necessary.
Astros vs. Red Sox 2017 live stream
The battered Red Sox left Minute Maid Park on Friday night looking like salmon swimming back upstream, ready to go home and die. The 30-year-old posted an 11-2 record on the road in the regular season, and he only gave 31 earned runs in his 17 road starts.
FIFA U-17 WC: President Wishes Black Starlets Well
The country's under-17 teams had enjoyed its best period during the 1990s, lifting the trophy in 1991 (Italy) and 1995 (Ecuador). This is just the start of the process. "I had told the team not to carry any baggage and not to play under any pressure".
Steelers back at home, ready for run-first Jaguars
The team is averaging only 3.2 yards per carry, which could be the ideal antidote for the Chargers' problems stopping the run. On Pittsburgh's next possession, the Steelers had second-and-10 from their 46 and used one receiver and three tight ends.
Hendricks outduels Strasburg, Cubs beat Nats
The first NLDS game this year is a contest between the defending World Series champion Chicago Cubs and the Washington Nationals . But I don't know, other than trying not to lose again, for me you realize you just got to get there".
Supreme Court takes up partisan redistricting case
By contrast, Roberts raised the specter of having the courts draw legislative and congressional district lines every decade. Some liberal justices wondered what would happen to voters if partisan gerrymandering made election results preordained.
Ecuador 1 Argentina 3
Paulinho opened the scoring in the 55th minute, which was followed by Jesus strikes in the 57th and 90+3rd minutes. If Chile doesn't get a point, whichever team loses by less (or Chile if it's equal), takes fifth place.