Recent Posts

Pages: [1] 2 3 ... 10
General Chat / Re: National Weather Report
« Last post by MeAtMac DotCalm on Today at 02:58:19 PM »
The day has become very sunny and windy out of the southwest providing a much warmer day than yesterday.

In fact upon checking it was warmer at 8AM this morning than the high temperature at this time yesterday when it didn't break the single digits technically.

The temp is a pleasant 16°C and feels warmer out of the wind. A lovely fall day.
General Chat / Re: RIP Gord Downie
« Last post by Gerk on Today at 01:48:04 PM »
Sad, but his pain is now done.  RIP.
General Chat / Re: RIP Gord Downie
« Last post by Groovetube on Today at 11:58:04 AM »
Very sad day. I know a few of his band mates, the love runs strong through that band, I've seen first hand this love and have always admired it.

Such a really small thing really, but one memory I have always smiled at, one of my 90s bands did a number of openers with them, last one was one of their secret shows, it was buffalo a theatre. It was wild, knowing a few days prior but not allowed to say a word, I kept my promise :) Anyway, walking down the theatre aisle he was walking up toward me I thought, oh wow there is good downie... he walked right for me shook my hand and said hey Tim! how are you, and wanted to sit and chat. I barely met him twice. He was someone who took the time to remember everyones name, and spend time talking with everyone, never once got the sense he was entitled and/or star crap etc. I've heard people say it but, nope, he was not.

He was one of the good guys.
General Chat / Re: RIP Gord Downie
« Last post by MeAtMac DotCalm on Today at 10:32:56 AM »
Very sad news for us all.

Mr. Downie's burdens and pain have stopped. My condolences to his family, his friends and his associates. He leaves us much too soon. R.I.P.
General Chat / Re: RIP Gord Downie
« Last post by Ottawaman on Today at 09:34:25 AM »
True, but his music will be there to comfort us.
General Chat / Re: National Weather Report
« Last post by Mouse on Today at 09:15:44 AM »
Much better yet again.  :D

Sunny.  Wind becoming southwest 30 km/h gusting to 50 near noon.  High 20.  UV index 3 or moderate.

Clear.  Wind southwest 20 km/h. Low 10.
General Chat / RIP Gord Downie
« Last post by Max on Today at 08:52:29 AM »
53 years young. Sad day.
General Chat / Re: National Weather Report
« Last post by MeAtMac DotCalm on Today at 07:54:29 AM »
Mostly cloudy 10°C, winds are light out of a southerly direction. A chance of showers this morning.
Yesterday, it was announced by security researchers the WPA2 Wi-Fi security protocol had been breached by an exploit dubbed as KRACK, affecting almost all Wi-Fi devices.,1181.0.html

One of the researchers who discovered the exploit, Matty Vanhoef, explained “Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”

Researchers note the exploit is particularly dangerous for Linux users and Android users on 6.0 software or higher (41%), because “Android and Linux can be tricked into (re)installing an all-zero encryption key.”

If you’re worried about your Apple devices, the company confirmed to iMore and other outlets they have already patched the KRACK exploit in its latest software betas, as per Rene Ritchie:

Apple has confirmed to me that the KRACK exploit has already been patched in iOS, tvOS, watchOS, and macOS betas.

Ritchie also says “it’s my understanding that Apple’s AirPorts, including Express, Extreme, and Time Capsule don’t seem be vulnerable to the exploit, even if using one as a bridge.”

Expect the latest fixes from Apple to be released to the public in a few weeks, which may seem like an eternity for those who seek security when connected to Wi-Fi.

Microsoft said it already released Windows updates to fix KRACK on October 10th, but told The Verge it “withheld disclosure until other vendors could develop and release updates.”

How to protect yourself from KRACK if you’re paranoid? Use an ethernet connection to connect to the web and stay off devices which do not have Wi-Fi software patches yet.

Stay tuned as more hardware vendors release updates for this WPA2 Wi-Fi exploit.

KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know

A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself—not specific products or implementations—and “works against all modern protected Wi-Fi networks,” according to Mathy Vanhoef, the researcher that discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it.

Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it. We’ll update this article as more information becomes available.

How does KRACK break Wi-Fi security?

KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be resent multiple times during step three, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken.

[ Further reading: How to remove malware from your Windows PC ]
That’s the CliffsNotes version. For a more technically detailed explanation, check out Mathy Vanhoef’s KRACK attacks website.

What devices are affected by KRACK?

If your device uses Wi-Fi, it’s likely vulnerable to the KRACK Wi-Fi security flaw to some degree, though some get it worse than others. We go into greater detail about how particular devices are affected by KRACK in a dedicated section further below.

What happens when Wi-Fi security is broken?

For starters, the attacker can eavesdrop on all traffic you send over the network. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” Vanhoef says. For a deeper look at the potential impact, check out PCWorld’s article on what an eavesdropper sees when you use an unsecured Wi-Fi hotspot. It’s a few years old, but still illuminating.

The United States Computer Emergency Readiness Team also issued this warning as part of its KRACK security advisory, per Ars Technica: “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.” HTTP content injection means the attacker could sneak code into the websites you’re looking at to infect your PC with ransomware or malware.

So yeah, it’s bad. Keep your security software active, just in case.

Is Wi-Fi security being broken in the wild?

“We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild,” Vanhoef says. US-CERT’s advisory didn’t include any information about whether KRACK is being exploited in the wild, either.

Now for some somewhat settling news: Iron Group CTO Alex Hudson says an attacker needs to be on the same Wi-Fi network as you in order to carry out any nefarious plans with KRACK. “You’re not suddenly vulnerable to everyone on the internet,” he says.

How to protect yourself from KRACK’s Wi-Fi flaw

Keep your devices up to date! Vanhoef says “implementations can be patched in a backwards-compatible manner.” That means that your device can download an update that protects against KRACK and still communicate with unpatched hardware while being protected from the security flaw. Given the potential reach of KRACK, expect those patches to come quickly from major hardware and operating system vendors.

Update: Microsoft told Windows Central that a patch quietly rolled out on October 10 protects Windows 10 PCs against KRACK.

Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates

Until those updates appear for other devices, consumers can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection, or stick to your cellular connection on a phone. That’s not always possible though. 

If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.” The Electronic Frontier Foundation’s superb HTTPS Everywhere browser plug-in can force all sites that offer HTTPS encryption to use that protection.

Alternatively, you can hop on a virtual private network (VPN) to hide all of your network traffic. Don’t trust random free VPNs, though—they could be after your data as well. PCWorld’s guide to the best VPN services can help you pick out a trustworthy provider. And again, keep your security software up to date to protect against potential code injected malware.

Device and router Wi-Fi security FAQ

Is my phone at risk?

KRACK is a different sort of attack than previous exploits, in that it doesn’t go after devices, it goes after the information you use them to send. So while the data stored on your phone is safe from hacking, whenever you use it to send a credit card number, password, email, or message over Wi-Fi, that data could be stolen.

So my router is vulnerable?

That’s closer, but still not totally accurate. It’s not the device that’s at risk, it’s the information, so the sites you visit that aren’t HTTPS are most vulnerable

Oh, so I should change my Wi-Fi password then?

Well, you can, but it’s not going to stop the likelihood of attack. The exploit targets information that should have been encrypted by your router, so the attacker doesn’t need to crack your password to implement it. In fact, it has no bearing on the attack whatsoever.

So all devices are at risk?

Now you’re getting it. However, while any device that sends and receives data over Wi-Fi is at risk, the researchers who uncovered the attack said Android devices were more at risk than other mobile phones.

Great, I have an Android phone. But I’m running Nougat so I’m safe, right

Unfortunately, no. Newer phones running Android 6.0 or later are actually more at risk since there is an existing vulnerability in the code that compounds the issue and makes it easier to “intercept and manipulate traffic.”

So are my iPhone and Mac safe?

Safer than Android, but still not entirely safe. Update: Apple said in a statement that all current iOS, macOS, watchOS, and tvOS betas include a fix for KRACK.

And Windows PCs too?

Yup, same deal, but Microsoft said in a statement that it has a security update to address this issue incoming. Update: Nope. Microsoft released a patch to protect against KRACK on October 10, before the vulnerability was made public.

I run Linux. I’m impenetrable to attack, right?

Not quite. Researchers actually found that Linux machines were the most vulnerable desktop devices, with a similar bug to the one found in the Android code.

So should I turn off Wi-Fi?

That’s probably not a viable option for most people, but if you’re completely panic-stricken, then the only way to be completely safe is to avoid using Wi-Fi until you know your router has been patched.

OK, I’m not doing that. What else can I do?

Right now, all you can do is wait. Google has already confirmed that it is aware of the issue and will be distributing a patch, and Apple and Microsoft will presumably do the same, as well as Linux purveyors. So keep checking for updates and install them when they arrive.

I have automatic updates turned on. How do I know if my device has been updated?

The quickest way is to check the system our software updates tab in your Settings app to see when the most recent version has been updated. Also, Owen Williams is keeping a running list of companies that have distributed patches on his Recharged blog.

What about my router?

First, you should check to see if your router has any pending firmware updates. Most people aren’t as vigilant in updating their routers as they are with their phones or PCs, so log into your admin page and install any waiting updates. If there aren’t any, it’s a good habit to check back every day, since companies will be rolling out patches over the coming weeks, with some already being implemented.

Pages: [1] 2 3 ... 10