Slashdot

News for nerds, stuff that matters

Google Pledges Carbon-Neutral Shipping, Recycled Plastic For All Devices

Mon, 2019-08-05 20:45
Alphabet's Google on Monday announced that it would neutralize carbon emissions from delivering consumer hardware by next year and include recycled plastic in each of its products by 2022. From a report: The new commitments step up the competition among tech companies aiming to show consumers and governments that they are curbing the environmental toll from their widening arrays of gadgets. Anna Meegan, head of sustainability for Google's devices and services unit, said in an interview that the company's transport-related carbon emissions per unit fell 40% last year compared to 2017 by relying more on ships instead of planes to move phones, speakers, laptops and other gadgets from factories to customers across the world. The company will offset remaining emissions by purchasing carbon credits, Meegan said.

Read more of this story at Slashdot.

Categories: Linux fréttir

'There is No Evil Like reCAPTCHA (v3)'

Mon, 2019-08-05 20:05
An anonymous reader shares a post: Like many things that starts out as a mere annoyance, though eventually growing into somewhat of an affliction. One particularly dark and insidious thing has more than reared its ugly head in recent years, and now far more accurately described as an epidemic disease. I'm talking about the filth that is reCAPTCHA. Yes that seemingly harmless question of "Are you a human?" Truly I wish all this called for were sarcastic puns of 'The Matrix' variety but the matter is far more serious. Google describes reCAPTCHA as: "[reCAPTCHA] is a free security service that protects your websites from spam and abuse." However, this couldn't be further from the truth, as reCAPTCHA is actually something that causes abuse. In fact, I would go so far as to say that being subjected to constant reCAPTCHAs is actually an act of human torture and disregard for a person's human right of mental comfort. The author goes on to make several points.


Microsoft Launches Azure Security Lab, Doubles Top Bug Bounty To $40,000

Mon, 2019-08-05 19:25
At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000. From a report: Bug bounty programs are a great complement to existing internal security programs. They help motivate individuals and groups of hackers to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Microsoft shared today that it has issued $4.4 million in bounty rewards over the past 12 months. The Azure Security Lab takes the idea to the next level. It's essentially a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them.


The Beauty of Japan's Lonely Vending Machines

Mon, 2019-08-05 18:46
Jacopo Prisco, writing for CNN: Vending machines are a mainstay of Japanese culture. There are over 5.5 million in the country -- one for every 23 people, the highest ratio in the world. They're ubiquitous and almost always outdoors, making them immediately stand out to anyone visiting Japan. They sell nearly everything -- including some rather peculiar items. Most are stocked with hot and cold drinks. Some have funny English names, like "Pocari Sweat" or "Calpis Water." At night, rather than switching off, the machines come to life with vibrant colors and bright lights. Photographer Eiji Ohashi has spent years photographing them across Japan in the dead of the night, and now he has brought the images together in a book titled "Roadside Lights." For Ohashi, the machines once served as beacons: "I started this project nine years ago, when I noticed a shiny vending machine near my home as I was coming back from my night shift," he said in an email interview. "At the time, I was living in a town in the north of Japan that would get hit by terrible blizzards during the winter months. I'd drive my car in (these) conditions and use the light of the vending machines to guide me."


8chan Goes Dark After Hardware Provider Discontinues Service

Mon, 2019-08-05 17:55
Internet hate forum 8chan has gone dark after web services company Voxility banned the site -- and also banned 8chan's new host Epik, which had been leasing web space from it. From a report: Epik began working with 8chan over the weekend after web services giant Cloudflare cut off service, following the latest of at least three mass shootings linked to 8chan. But Stanford researcher Alex Stamos noted that Epik seemed to lease servers from Voxility, and when Voxility discovered the content, it cut ties with Epik almost immediately. "As soon as we were notified of the content that Epik was hosting, we made the decision to totally ban them," Voxility business development VP Maria Sirbu told The Verge. Sirbu said it was unlikely that Voxility would work with Epik again. "This is the second situation we've had with the reseller and this is not tolerable," she said.


Twitter Users Are Escaping Online Hate by Switching Profiles To Germany

Mon, 2019-08-05 17:25
An anonymous reader shares a report: A couple years ago, a friend invited Carl Perez to a virtual world promising online discourse free of Nazis. That world was Germany. Perez, who uses gender-neutral pronouns, didn't fly from their home in Colorado to escape the hatred they saw online. Instead, Perez simply changed their Twitter account location. "Since then, I've seen pretty much no nationalist content," they said. Perez is not alone in trying to escape a sea of hate by virtually jumping ship to Germany. But local residents and researchers say German Twitter is not exactly the internet utopia some imagine. "We are not the paradise of social media without any hate speech whatsoever," said Stephan Dreyer, a senior media law and governance researcher at the Hans-Bredow-Institut in Germany. While the most obvious expressions of Nazism and racism may be harder to find on Twitter accounts with their locations set to Germany, there is still plenty of coded content that slips through the cracks, Dreyer said. Twitter users often point to the company's content policy in Germany to argue it should be able to identify and remove Nazis from the platform in other regions. When Maureen Colford learned about the location setting "hack" to filter out Nazis, she said she was "amazed that somehow Twitter manages to do this in Germany," and wondered, "why can't they do this everywhere?"


UK-based Mobile-Only Bank Monzo Admits To Storing Payment Card PINs in Internal Logs

Mon, 2019-08-05 16:45
Monzo, a mobile-only bank operating in the UK, admitted today to storing payment card PINs inside internal logs. From a report: The company is now notifying all impacted customers and urging users to change card PINs the next time they use a cash machine. Monzo described the issue as a "bug" that occurred when Monzo customers used two specific features of their Monzo mobile apps -- namely the feature that reminds users of their card number and the feature for canceling standing orders. When Monzo customers used one of these two features, they'd be asked to enter their account PIN, for authorization purposes, but unbeknownst to them, the PIN would also be logged inside Monzo's internal logs. Monzo said these logs were encrypted and that only a few employees had access to the data stored inside. The company said it discovered the bug on Friday, August 2, and spent all weekend removing PIN numbers from its internal logs.


Elon Musk Hints at Tesla's Secret Project 'Dojo' Making the Difference in Race To Full Self-Driving

Mon, 2019-08-05 16:03
Elon Musk set an aggressive deadline for Tesla to achieve full self-driving capability, but the electric automaker might have an ace up its sleeve that mostly went under the radar: project 'Dojo.' Electrek: Over the weekend, Musk hinted that it could make the difference. During Tesla's Autonomy Day earlier this year, Musk and other Tesla executives gave presentations about what the company is doing to try to achieve full self-driving capability by the end of next year. While most people were focused on the unveiling of Tesla's new HW3 'Full Self-Driving Computer,' which was being explained for the first time and is now installed in all new Tesla vehicles, there was a brief mention of another computer, the Dojo computer, that Tesla is working on and it could be a game-changer. Last weekend, Musk was asked about the secret project and while the CEO didn't reveal anything new, he did hint that it could make the difference. During Autonomy Day, Musk briefly mentioned the project 'Dojo': "We do have a major program at Tesla which we don't have enough time to talk about today called "Dojo." That's a super powerful training computer. The goal of Dojo will be to be able to take in vast amounts of data and train at a video level and do unsupervised massive training of vast amounts of video with the Dojo program -- or Dojo computer."


Huawei Tests Smartphone With Own OS, Could Potentially Start Selling Them Later This Year

Mon, 2019-08-05 15:25
Huawei is testing a smartphone equipped with Hongmeng, the company's self-developed operating system, which could potentially go on sale by the end of this year, Chinese state-media outlet Global Times reported. From a report: The release of a Hongmeng-powered smartphone would mark a major step for China's Huawei, the world's second-biggest maker of smartphones, as U.S. government actions threaten its access to Google's Android operating system. The device will be priced at around 2,000 yuan ($288), the Global Times said on Sunday, citing unnamed sources. That will place the device toward the low-end segment of the smartphone market. Huawei executives have previously described Hongmeng as an operating system designed for internet-of-things products. Last month the company said the first major devices powered by Hongmeng would be its upcoming line of Honor-brand smart TVs.


Violent Video Games Don't Cause Mass Shootings, Study Says

Mon, 2019-08-05 14:42
From a report: Violent video games (and television and movies) have been a frequent scapegoat for acts of real-world violence. But it's hard to ignore the fact that video games are popular all over the world, yet mass shootings aren't common in most of those places. Naturally, that was the case put forth by the Entertainment Software Association, the video game industry's trade group. "Violent crime has been decreasing in our country at the very time that video games have been increasing in popularity," the group said in a statement. "And other societies, where video games are played as avidly, do not contend with the tragic levels of violence that occur in the U.S." The same case is also backed up by academic research. "Study after study has established that there is no causal link between video games and real world violence," the ESA said.


Half of All Google Chrome Extensions Have Fewer Than 16 Installs

Mon, 2019-08-05 14:05
There are 188,620 extensions available on the Chrome Web Store, and while you might think this provides a wide variety of choices for Chrome users, in reality, most of these extensions are dead or dwindling, with very few having active installations. From a report: All in all, about 50% of all Chrome extensions have fewer than 16 installs, meaning that half of the Chrome extension ecosystem is actually more of a ghost town, according to a recent scan of the entire Chrome Web Store conducted by Extension Monitor. Further, 19,379 extensions (just over 10%) have zero installs, and 25,540 extensions (13% of the total) have just one user. The scan found that there are very few Chrome extensions that managed to establish a dedicated userbase. According to Extension Monitor, around 87% of all extensions have fewer than 1,000 installs.


Possible Link Found Between Body Weight and the Immune System

Mon, 2019-08-05 10:34
The Atlantic talked to Lora Hooper, chair of the immunology department at the University of Texas Southwestern Medical Center, one of the researchers investigating gut microbes, inflammation, and what may be a very important connection. They note that the rise of antibiotic usage among humans "coincides with the obesity epidemic." This could be a spurious correlation, of course -- lots of things have been on the rise since the '50s. But dismissing it entirely would require ignoring a growing body of evidence that our metabolic health is inseparable from the health of our gut microbes... While other researchers focused on the gut microbiome itself, [Hooper] took an interest in the immune system. Specifically, she wanted to know how an inflammatory response could influence these microscopic populations, and thus be related to weight gain. Over the past decade or so, multiple studies have shown that obese adults mount less effective immune responses to vaccinations, and that both overweight and underweight people have elevated rates of infection. But these were long assumed to be effects of obesity, not causes. "When I started my lab there wasn't much known about how the immune system perceives the gut microbes," Hooper says. "A lot of people thought the gut immune system might be sort of blind to them." To her, it was obvious that this couldn't be the case. The human gut is host to about 100 trillion bacteria. They serve vital metabolic functions, but can quickly kill a person if they get into the bloodstream. "So clearly the immune system has got to be involved in maintaining them," she says. It made sense to her that even subtle changes in the functioning of the immune system could influence microbial populations -- and, hence, weight gain and metabolism. This theory was borne out late last month in a paper in Science... [T]his experiment is a demonstration of principle: The immune system helps control the composition of the gut microbiome. 
Slashdot reader Beeftopia submitted the story, noting that even the North American Meat Institute, the largest trade group representing meat processors, acknowledges that the use of some antibiotics "can destroy certain bacteria in the gut and help livestock and poultry convert feed to muscle more quickly causing more rapid growth." [PDF, page 4]. "Inflammation plays a critical role in determining how we digest food," writes the Atlantic, "and it's only now starting to reveal itself."


Lyft Pulls Its Electric Bikes From the Bay Area After Four Catch on Fire

Mon, 2019-08-05 07:25
"Lyft's Wednesday move to pull all its black and pink electric bikes from the East Bay, San Francisco and San Jose came after flammable battery packs or vandalism caused at least four bikes to catch fire," reports the Bay Area Newsgroup: San Jose city officials are encouraged by the fact no one was injured when a bike caught fire there on Tuesday, said Colin Heyne, a spokesman for the Department of Transportation... "They have no intention of re-introducing the bikes until they know what the problem is and have fixed it," Heyne said. "We'll work with them to get a full picture of what they are doing to investigate these batteries and what they will go through for safety testing before they relaunch the bikes...." Representatives from Lyft reached out to the city on Wednesday after two fires were reported in San Francisco over the past week, he said, and told them it would deactivate the e-bikes until it could remove them from its fleet... Lyft spokeswoman Julie Wood declined to answer questions about the incidents, other than to say no one was injured.... Wood on Thursday didn't respond to repeated questions from this news organization about whether there were any fires involving the e-bikes outside of San Francisco. Lyft told the paper at least one of the fires was caused by vandalism (and not a malfunctioning battery) but acknowledged they weren't sure what caused the next two bike fires. One frequent cycler wondered why Lyft didn't simply offer their customers regular (non-electric) bicycles? He told the newspaper that the disruption in service was frustrating -- though "I understand the safety concern and I don't want there to be a battery exploding between my legs when I'm riding the bike around." The paper also notes reports that Lyft "pulled its black electric assist bikes in April after problems with the brakes caused some riders to careen over the handlebars."


Cloudflare Terminates 8chan

Mon, 2019-08-05 03:25
"We just sent notice that we are terminating 8chan as a customer effective at midnight tonight Pacific Time," writes Cloudflare CEO Matthew Prince. "The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit." We do not take this decision lightly. Cloudflare is a network provider. In pursuit of our goal of helping build a better internet, we've considered it important to provide our security services broadly to make sure as many users as possible are secure, and thereby making cyberattacks less attractive -- regardless of the content of those websites. Many of our customers run platforms of their own on top of our network. If our policies are more conservative than theirs it effectively undercuts their ability to run their services and set their own policies. We reluctantly tolerate content that we find reprehensible, but we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design. 8chan has crossed that line. It will therefore no longer be allowed to use our services. Unfortunately, we have seen this situation before and so we have a good sense of what will play out. Almost exactly two years ago we made the determination to kick another disgusting site off Cloudflare's network: the Daily Stormer. That caused a brief interruption in the site's operations but they quickly came back online using a Cloudflare competitor. That competitor at the time promoted as a feature the fact that they didn't respond to legal process. Today, the Daily Stormer is still available and still disgusting. They have bragged that they have more readers than ever. They are no longer Cloudflare's problem, but they remain the Internet's problem. 
I have little doubt we'll see the same happen with 8chan. Prince adds that since terminating the Daily Stormer they've been "engaging" with law enforcement and civil society organizations to "try and find solutions," which include "cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content that contained an indication of potential violence." Earlier today Prince had used this argument in defense of Cloudflare's hosting of 8chan, telling the Guardian "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been." He added in today's blog post that "We believe this is our responsibility and, given Cloudflare's scale and reach, we are hopeful we will continue to make progress toward solving the deeper problem." "We continue to feel incredibly uncomfortable about playing the role of content arbiter and do not plan to exercise it often.... Cloudflare is not a government. While we've been successful as a company, that does not give us the political legitimacy to make determinations on what content is good and bad. Nor should it. Questions around content are real societal issues that need politically legitimate solutions..." "What's hard is defining the policy that we can enforce transparently and consistently going forward. We, and other technology companies like us that enable the great parts of the Internet, have an obligation to help propose solutions to deal with the parts we're not proud of. That's our obligation and we're committed to it."


Google's Plans for Chrome Extensions 'Won't Really Help Security', Argues EFF

Mon, 2019-08-05 01:36
Is Google making the wrong response to the DataSpii report on a "catastrophic data leak"? The EFF writes: In response to questions about DataSpii from Ars Technica, Google officials pointed out that they have "announced technical changes to how extensions work that will mitigate or prevent this behavior." Here, Google is referring to its controversial set of proposed changes to curtail extension capabilities, known as Manifest V3. As both security experts and the developers of extensions that will be greatly harmed by Manifest V3, we're here to tell you: Google's statement just isn't true. Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation... The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code. You can't ensure extensions are what they appear to be if you give them the ability to download new instructions after they're installed. But you don't need the rest of Google's proposed API changes to stop this narrow form of bad extension behavior. What Manifest V3 does do is stifle innovation... The EFF makes the following arguments against Google's proposal:
- Manifest V3 will still allow extensions to observe the same data as before, including what URLs users visit and the contents of pages users visit
- Manifest V3 won't change anything about how "content scripts" work...another way to extract user browsing data.
- Chrome will still allow users to give extensions permission to run on all sites.
In response Google argued to Forbes that the EFF "fails to account for the proposed changes to how permissions work. It is the combination of these two changes, along with others included in the proposal, that would have prevented or significantly mitigated incidents such as this one." But the EFF's technology projects director also gave Forbes their response. "We agree that Google isn't killing ad-blockers. But they are killing a wide range of security and privacy enhancing extensions, and so far they haven't justified why that's necessary." And in the same article, security researcher Sean Wright added that Google's proposed change "appears to do little to prevent rogue extensions from obtaining information from loaded sites, which is certainly a privacy issue and it looks as if the V3 changes don't help." The EFF suggests Google just do a better job of reviewing extensions.


Ask Slashdot: Do You Prefer One-Time Purchases or SaaS Subscriptions?

Sun, 2019-08-04 23:36
Long-time Slashdot reader shanen remembers the days of one-time software purchases, before companies began nudging customers to a subscription-based "software as a service" model: New bugs and security vulnerabilities keep being discovered, which means the product cannot EVER be regarded as completed. Whatever the original cost, no matter what the software was supposed to do, it needs unending support. Right now I'm unable to see any other solution than SaaS! Not limited to Microsoft, of course. Perhaps Apple was the original source of the approach... Slashdot reader dryriver sees a dire trend: Current computing younglings may never know a future where you can actually run software locally on a PC you own, and/or not pay for it as SaaS. All perpetual software licenses may go away in the next six years. Autodesk and Adobe have already moved to SaaS-only. But is there a case to be made for ongoing payments to fund ongoing support? Or is SaaS just an exploitative business model that's bad for customers but good for software vendors? Share your own thoughts in the comments. And do you prefer one-time purchases or SaaS subscriptions?


Researchers Build Device That Turns Heat Into Light, Possibly Boosting Solar Cell Efficiency

Sun, 2019-08-04 22:34
Kant (Slashdot reader #67,320) shared this story from the photovoltaics news site PV Magazine: Scientists at Rice University in Texas have developed a device which converts heat into light by squeezing it into a smaller bandgap. The 'hyperbolic thermal emitter' could be combined with a PV system to convert energy otherwise wasted as heat -- a development the researchers say could drastically increase efficiency... "Any hot surface emits light as thermal radiation," said Gururaj Naik, assistant professor of electrical and computer engineering at Rice. "The problem is that thermal radiation is broadband while the conversion of light to electricity is efficient only if the emission is in a narrow band." The team worked to create a device that could squeeze the photons emitted as heat into a narrower band that could be absorbed by a solar cell... The next step for the research will be to combine the 'hyperbolic thermal emitter' device with a solar cell. "By squeezing all the wasted thermal energy into a small spectral region we can turn it into electricity very efficiently," said Naik, "the theoretical prediction is that we can get 80% efficiency."


After 8chan Possibly Linked To Another Shooting, Cloudflare CEO Defends Hosting It

Sun, 2019-08-04 21:39
The Guardian learned that the suspected mass shooter at an El Paso, Texas Walmart "is believed to also have posted a white nationalist rant on 8chan" -- then interviewed the CEO of the company hosting it. If the connection between the 21-year-old suspect in Saturday's massacre and the 8chan document is confirmed -- and law enforcement sources told NBC News that they are "reasonably confident" that they are linked -- then the El Paso attack will mark the third mass shooting in less than six months that was announced in advance on the message board... Throughout the day on Saturday, 8chan users discussed the massacre and the suspect, with many referring to the alleged shooter as "our guy" and praising the number of people killed... "If I could wave a magic wand and make all of the bad things that are on the internet go away -- and I personally would put the Daily Stormer and 8chan in that category of bad things -- I would wave that magic wand tomorrow," [Cloudflare CEO Matthew] Prince said. "It would be the easiest thing in the world and it would feel incredibly good for us to kick 8chan off our network, but I think it would step away from the obligation that we have and cause that community to still exist and be more lawless over time." Prince argued that keeping "bad" sites within Cloudflare's network means that the company is able to help monitor activity and flag illegal content to law enforcement. While he would not comment on specifics, he said that Cloudflare receives "regular requests" from law enforcement not to ban certain sites. "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been," he said. "The minute that someone isn't on our network, they're going to be on someone else's network...." Prince also rejected any implication that Cloudflare's position is self-interested. "The right answer from a pure business perspective is just to kick them off," he said of 8chan. 
"Of the 2 million-plus Cloudflare customers, they don't matter, and the pain that they cause is well beyond anything else." Keeping 8chan within its network is a "moral obligation", he said, adding: "We, as well as all tech companies, have an obligation to think about how we solve real problems of real human suffering and death. What happened in El Paso is abhorrent in every possible way, and it's ugly, and I hate that there's any association between us and that... For us the question is which is the worse evil? Is the worse evil that we kick the can down the road and don't take responsibility? Or do we get on the phone with people like you and say we need to own up to the fact that the internet is home to many amazing things and many terrible things and we have an absolute moral obligation to deal with that."


Facebook, Instagram and WhatsApp Suffer Outages Again

Sun, 2019-08-04 20:34
"Facebook still can't avoid widespread outages, it seems," writes Engadget: Numerous reports have surfaced of Facebook, Instagram and WhatsApp being unavailable to various degrees on the morning of August 4th. The failure doesn't appear to have been as dramatic as it was in July, when image services were out for several hours (we had at least some success visiting them ourselves). Still, it likely wasn't what you were hoping for if you wanted to catch up on your social feeds on a lazy Sunday morning. UPI has more information: Some Instagram users could not log into their accounts while Facebook users globally could not use sharing features, upload photos and comment, The Mirror reported. Others received messages stating that the site needed maintenance and would be up again soon. The Express said that the outage monitoring website Down Detector logged more than 7,000 reports of issues on Facebook. Down Detector said that Facebook started having problems about 9:30 a.m., Eastern time. About 34 percent of the complaints said they faced "total blackout." Another 33 percent of the complainants said there were issues with its newsfeed while 32 percent said they could not log in. CNet.com reported that users across the United States, Canada, Australia and parts of Asia claimed that they had lack of access Sunday morning.


New Vulnerabilities Found In WPA3 WiFi Standard

Sun, 2019-08-04 19:34
Slashdot reader Artem S. Tashkinov writes: Mathy Vanhoef and Eyal Ronen have recently disclosed two new additional bugs impacting WPA3. The security researcher duo found the new bugs in the security recommendations the WiFi Alliance created for equipment vendors in order to mitigate the initial Dragonblood attacks [found by the same two security researchers]. "Just like the original Dragonblood vulnerabilities from April, these two new ones allow attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password," reports ZDNet. More from ZDNet: "[The] Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1," Vanhoef said. "Although this update is not backwards-compatible with current deployments of WPA3, it does prevent most of our attacks," the researchers said. But besides just disclosing the two new Dragonblood vulnerabilities, the two researchers also took the chance to criticize the WiFi Alliance again for its closed standards development process that doesn't allow for the open-source community to contribute and prevent big vulnerabilities from making it into the standard in the first place. "This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard," the researchers said. "It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept." While this type of feedback might be ignored when coming from other researchers, it means more when it comes from Vanhoef. The Belgian researcher is the one who discovered the KRACK attack that broke the WPA2 WiFi authentication standard and forced the WiFi Alliance to develop the WPA3 standard, which it launched in June 2018.
