PC Review - Computer News and Reviews

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

This sounds pretty serious, especially if you're on Android or Linux.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.

Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 41% of Android devices are vulnerable to this exceptionally devastating variant of our attack.
Click to expand...

https://www.krackattacks.com/

More:

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
Click to expand...

https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/
Read more

Views: 76 / Likes: 1 / Replies: 3

by V_R, Oct 16, 2017 at 12:10 PM

Bitcoin soars above $5,500

Bitcoin (a digital cryptocurrency) has reached an all-time high value of just over $5,700 this week, having started the year at less than $1000. More and more people appear to be piling on to the bitcoin train, although it is still widely used as an investment, rather than a true currency.

The Guardian have an article covering some of the recent developments and high-level discussions that will impact Bitcoin in the future:

The cryptocurrency rose by more than 8% to $5,243 having started the year at $966. Bitcoin has soared by more than 750% in the past year and is worth four times as much as an ounce of gold.

But the price has been volatile. The digital currency plunged below $3,000 in mid-September after the Chinese authorities announced a crackdown. Beijing ordered cryptocurrency exchanges to stop trading and block new registrations, due to fears that increasing numbers of consumers piling into the bitcoin market could prompt wider financial problems.
Click to expand...

Read the rest here:
https://www.theguardian.com/technology/2017/oct/12/bitcoin-price-5000-cryptocurrency-gold-bubble
Read more

Views: 88 / Likes: 0 / Replies: 0

by Ian, Oct 14, 2017 at 11:44 AM

No more Windows Phone

Microsoft have officially given up on Windows Mobile, with an announcement that there will be no more development - only bugfixes and security patches:

Microsoft's difficulties in the mobile market are no secret, but for a time the company looked as if it was keeping Windows Mobile as a going concern regardless. Through 2016, Microsoft produced new builds for the Windows Insider program and added new features to Windows Mobile. At around the time of release of the Windows 10 Creators Update in April this year, that development largely ground to a halt. Windows Mobile, which already lacked certain features that were delivered to Windows on the PC, had its development forked. PC Windows development continued on the "Redstone 3" branch (which will culminate in the release of the Fall Creators Update later this month); Windows Mobile languished on a branch named "feature2."
Click to expand...

ArsTechnica have a great article on the rise and fall of Windows Mobile:
https://arstechnica.co.uk/gadgets/2...ally-dead-a-sad-tale-of-what-might-have-been/
Read more

Views: 161 / Likes: 0 / Replies: 3

by Ian, Oct 10, 2017

Kaspersky denies involvement in NSA data breach

Kaspersky have hit the headlines again, with allegations that confidential documents were stolen from an NSA contractor's home computer by Russian agents. These files were allegedly targeted by hackers after being identified by the AV software. Kaspersky have robustly denied the allegations:

The report may well be true, but, for now, there's no way to independently confirm it. The report is based on unnamed people the publication says had knowledge of the matter, and it provides no evidence to support its claim. What's more, the lack of detail leaves open the possibility that, even if Kaspersky's AV did help Russia home in on the highly sensitive code and documents, the disclosure was the inadvertent result of a software bug, and no one from Kaspersky Lab cooperated with the attackers in any way. Also lost in the focus on Kaspersky Lab is the startling revelation that yet another NSA insider managed to sneak classified material outside of the NSA's network and put it on an unsecured computer. More of this analysis will follow.
Click to expand...

Read the rest here:
https://arstechnica.com/information...ms-kaspersky-helped-steal-secret-nsa-secrets/
Read more

Views: 202 / Likes: 0 / Replies: 3

by Ian, Oct 6, 2017

Google Pixel 2 and Pixel 2 XL

Google have officially announced the second generation of Pixel smartphones, the Pixel 2 and Pixel 2XL. There are a fair number of changes from previous versions, including an IP67 rating (can survive 1m of water for 30 mins) as well as a highly rated camera module.

As expected, the Pixel 2 and Pixel 2 XL have a few differences between one another.

The most notable difference can be found on the front. The smaller Pixel 2 sports a 5.0-inch OLED 1,920 x 1,080 display with a more traditional 16:9 aspect ratio, while the Pixel 2 XL goes the more modern route with its 6.0-inch 2,880 x 1,440 P-OLED display with an 18:9 aspect ratio. There’s a noticeable amount of bezel on the top and bottom of the Pixel 2, whereas the 2 XL has very slim bezels around its screen.

Also, due to the difference in size, the Pixel 2 comes with a much smaller 2,700 mAh battery while the Pixel 2 XL sports a 3,520 mAh cell.
Click to expand...

Android Authority have more here: http://www.androidauthority.com/google-pixel-2-xl-804237/
Read more

Views: 258 / Likes: 0 / Replies: 2

by Ian, Oct 4, 2017

"Loihi" AI Chip from Intel

Intel have unveiled their new AI chip, called "Loihi". It's based on nueromorphic technology, meaning that it mimics the structure of a brain, which should help solve certain types of problem more efficiently:

Intel has been exploring neuromorphic tech for awhile, and even designed a chip in 2012. Instead of logic gates, it uses "spiking neurons" as a fundamental computing unit. Those can pass along signals of varying strength, much like the neurons in our own brains. They can also fire when needed, rather than being controlled by a clock like a regular processor.

Intel's Loihi chip has 1,024 artificial neurons, or 130,000 simulated neurons with 130 million possible synaptic connections. That's a bit more complex than, say, a lobster's brain, but a long ways from our 80 billion neurons.
Click to expand...

Read more at Engadget:
https://www.engadget.com/2017/09/26/intel-loihi-neuromorphic-chip-human-brain/
Read more

Views: 259 / Likes: 0 / Replies: 0

by Ian, Sep 28, 2017

Intel i9-7980XE and i9-7960X CPU Reviews

We've got a roundup of reviews for the new Intel i9-7980XE and i9-7960X CPUs (18 and 16 core respectively). These are at very top of the high-end market, designed to compete with AMD's Threadripper series. You'll need deep pockets to buy one, as they'll cost just shy of £2,000:

Anandtech: The Intel Core i9-7980XE and Core i9-7960X CPU Review Part 1: Workstation

ExtremeTech: Intel Core i9-7980XE Review: Reclaiming the Desktop Performance Crown

TechSpot: Intel Core i9-7980XE & 7960X Review

HotHarwdare: Intel Core i9-7980XE And Core i9-7960X Review: Intel Attacks AMD Threadripper

ArsTechnica: Intel Core i9-7960X review: It beats Threadripper, but for a price

Read more

Views: 364 / Likes: 0 / Replies: 0

by Ian, Sep 25, 2017

Google signs $1.1bn HTC smartphone deal

Alphabet's Google has struck a $1.1bn (£822m) deal with Taiwan's HTC to expand its smartphone business.

Google will not take a stake in the firm, but some HTC staff will join the Silicon Valley giant.

The Taiwanese company was once a major player in the smartphone market but has struggled to compete with the likes of Apple and Samsung.

Google expects the deal to close by early 2018, provided it gets the all clear from regulators.

Shares in HTC were suspended in Taiwan on Thursday.
Click to expand...

http://www.bbc.com/news/business-41343586

Official Google blog post.
https://www.blog.google/topics/hardware/google-signs-agreement-htc-continuing-our-big-bet-hardware/
Read more

Views: 380 / Likes: 1 / Replies: 2

by V_R, Sep 21, 2017

Welcome to PC Review!

Hello and welcome to PC Review. We're a friendly computing community, bustling with knowledgeable members to help solve your tech questions.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask any tech support questions, or chat with the community and help others. Ask a Question

Latest Threads

WCG Stats Tuesday 17 October 2017
WCG Stats posted Oct 17, 2017 at 8:00 AM
Minecraft - Windows 10 Version
Molyfar posted Oct 16, 2017 at 10:25 PM
CAD Software advice
Molyfar posted Oct 16, 2017 at 10:15 PM
Amaze/Delrina Daily Planner on Windows 10 and beyond...
Krusch posted Oct 16, 2017 at 8:01 PM
Hotmail Email forwarding
judyeb posted Oct 16, 2017 at 3:26 PM
Four distros recommended for older machines
floppybootstomp posted Oct 16, 2017 at 2:15 PM
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
V_R posted Oct 16, 2017 at 12:10 PM
WCG Stats Monday 16 October 2017
WCG Stats posted Oct 16, 2017 at 8:00 AM
GAME RETAIL LIMITED - can they do this, and is it legal
Captain Jack Sparrow posted Oct 15, 2017 at 5:37 PM
Hey there!
IceFairyAmy posted Oct 15, 2017 at 8:55 AM

Latest Articles

Synology DS916+

Netgear Orbi

QNAP TVS-873

HP DeskJet 3630 Wireless All-in-One Printer

APC Back-UPS Pro 900

Wanhao Duplicator i3