It has recently been found that the WPA2 protocol is vulnerable to hacking. The attacks are known as KRACK attacks (Key Reinstallation AttaCKs), and there is a website where you can learn more about them. Android and Linux were found to be the most vulnerable to this exploit. They can be tricked into reinstalling an encryption key of all zeros, which will allow attackers to enter your network and then get to sites you visit and capture your login credentials.
If you watch the video below, you will see it is a rather involved process to actually crack into the network, but that doesn’t stop someone who is intent on getting in.
There isn’t a whole lot you can do because this vulnerability bypasses any security measures. One of the simpler things you can do is to not use unsecured Wi-Fi. Ever. Keep your router’s firmware updated. Do not downgrade to even more insecure protocols like WPA or WEP.
Last week, there were reports that Lenovo laptops have a security flaw. It is called Superfish adware, and the laptops are shipped with it installed. Lenovo has since issued an apology and a removal tool. So what was the big deal?
Superfish came preloaded on Lenovo notebook products from September 2014 to February 2015. Many laptops come preloaded with applications, but Superfish has the ability to intercept SSL and TLS website connections. It can inspect the content, and it uses a third-party library from Komodia which gives the adware the ability to impersonate any SSL website. This puts you at higher risk. It can look at emails, banking, and social media sites you visit. This is especially a problem if you use public Wi-Fi.
We tried to find out more about Komodia; however, the site is currently down, either due to DDoS attacks over this or just too many connections. We will see if we can find out more about this over the next week.
If you have one of the laptops in question, you can use one of these tools to remove it.
By now you have heard about the Heartbleed Bug affecting many sites. It has to do with vulnerabilities in the encryption in OpenSSL used by many sites for security.
How does that pertain to you, the end user? Well, you may need to change a bunch of passwords. Many sites were left vulnerable, and it is suggested you change your passwords. How do you know if you have to do this? There are a few Heartbleed checkers out there that allow you to put in the URL of the site you are concerned about. This will let you know if the site was or is vulnerable to the bug.
Here are a few to try:
New bugs have been found in the Android operating system that can leave your device, phone or tablet, vulnerable to malware. They are part of a new class of vulnerabilities called Pileup flaws (privilege escalation through updating). Malicious apps gain increased permissions once Android is updated, without the user being informed.
You can read more about it here on zdnet.com.
~ Jody Victor