Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. "The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
The promise of digital currency is finally coming to maturity, IBM says, with its unique international payments network.
ONE, TWO, THREE, what are we incrementing FOUR? (Don't ask, we don't give a damn)
A Dutch electronics engineer reckons Japanese auto-maker Subaru isn't acting on a key-fob cloning vulnerability he discovered.…
Proposed labelling scheme will try to match similar efforts in UK, USA
Australia's government hopes that somewhere in the world, a vendor of consumer-grade connected electronics is willing to admit it's rubbish at security by giving itself a low score in a proposed safety rating system.…
Monopoly, Ouija and even Eggo Waffles are becoming spooky games based on the Netflix show.
Strap yourselves in readers, Wi-Fi may be cooked
Updated A promo for the upcoming Association for Computing Machinery security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections.…
Everyone safe, except drone pilot who ignored local rules
Canada's transport minster has told drone operators to stay away from airports after a remotely piloted craft bonked a passenger plane during its final approach to Jean Lesage International Airport in Québec City.…
Commentary: The Canadian Minister of Transport says the drone was flying out of legal limits.
Grab some popcorn as we wait to see if @realdonaldtrump passes test of no hate symbols and glorifying violence
Twitter has reacted to last week's criticism arising from its suspension of actor actress Rose McGowan's account, after she strongly criticised alleged sex fiend Harvey Weinstein – by announcing it will soon implement and aggressively police new community standards.…
The BBC's Stephen McDonell examines China's clampdown on free speech ahead of the party congress.
Made up of over 500 cameras, the Panoptic Studio captures motion without the use of markers.
New digital technology allows people without a voice to sound like themselves for the first time.
Cisco discusses Advanced Linux Sound Architecture mess before formal CVE release
An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).…
Sysadmins and developers rejoice! WSL is now a fully fledged part of Windows 10, starting with the latest Fall Creators Update.
Commentary: Unlike all the other companies' assistants, Google's doesn't have a name. The result? Constant chanting of the company name.
Kate McKinnon plays the presidential advisor as the creepy sewer-dwelling creature from Stephen King's "It."
Commentary: As "Silicon Valley"'s Kumail Nanjiani hosts with a caustic monologue on Islamophobia, Apple's new emojis find bad company.
Update: Earlier this week on October 11, we reviewed the new Google Home Mini—the company's entry point into its voice-controlled home assistant ecosystem. After some early users noted the device recording more than it should, Google has officially disabled its center touch point forever (in what seems like a minor disaster). As such, we've added this note to our original review, which otherwise appears unchanged below.
How much can you slice away from a Google Home and have it still be good? That was the question asked of Google's hardware team when it created the Google Home Mini, a device that slashes the $129 Google Home down to a mere $50. The result is a smaller, cheaper, simpler device that still has all the Google Assistant smarts of its bigger brother without a speaker system capable of pumping out decent-sounding music. If you've ever wondered if this voice command stuff would work in your house and need a test device, Google is hoping you'll take a gamble on this cheap little device.
AUSTIN, Texas—Standard film genres—horror, documentary, sci-fi, et al.—run rampant at Fantastic Fest, but subgenre niches also seem to emerge every outing. In 2016, the festival boasted multiple films about promotional film art, for instance, in addition to a treasure trove of animation styles.
In 2017, origin stories jumped off the schedule. The high-profile Professor Marston and the Wonder Women was the most prominent (our review to come, but it's worth it for those interested in explorations of societal forces in specific historic periods... or if you want the Finding Neverland of the Wonder Woman-universe). But that film was far from the only title taking audiences back to the beginning of a beloved (or at least notorious) cultural institution.
Fons PR / Fantastic Fest
SAN JOSE, Calif.—In bad news, Blade Runner 2049: Memory Lab is not the kind of "VR film" that should have you rushing to purchase a high-end VR rig and exploring the edges of the Blade Runner universe. The dialogue and story are first-draft fluff. The acting is stilted. Its connections to the new film are tenuous at best. And the series-lore payoff is equivalent to a cartoon character opening a wallet to let a single fly buzz out.
So why talk about it at all? Because this 25-minute experience is the most polished execution of VR-for-film I've ever seen, and it may herald the true beginning of VR films with actual human actors.