Man In The Middle attacks are not newsworthy and should not be making the front page of Slashdot, these are the equivalent of anti-Trump garbage that floods #fakenews sources.
So a flaw that affects every single Wifi network isn't newsworthy? Repeat: Every single Wifi network. Facts don't matter then to you. From what I can tell not all vendors have supplied patches yet so most people are vulnerable as they are unpatched.
Watch the video by the security researcher. The attack is successful because it's a man-in-the-middle attack (MITM). In the video, the hacker tricks the target's device into joining a rogue "testnetwork" that is not the real "testnetwork". As a MITM attack, any PSKs or specific username/passwords are given up by the target because it thinks it is on the real network.
WPA2 enterprise doesn't use a pre-shared key. So which is it? Does the weakness lie with pre-shared key passwords? Or something else which also affects WPA2 enterprise?
The flaw has nothing to do with passwords or pre-shared keys. All WPA2 devices are affected because the flaw is in the WPA2 protocol.
Ah, here we go. The answer is "it's complicated." I'm reading through it right now, but as a PSA:
Because some of those links don't give you the overall summary but delves into details. As a security researcher you would might find those links useful. As a regular person, it doesn't help you understand the fundamentals like: Who is affected? Everyone using WPA2. Everyone.
I understand there's a difference between a claim and a fact. Qualcomm can claim anything they want; they have to prove it in court. However the danger to Qualcomm is that Apple can certainly retaliate. One way is to invalidate Qualcomm's patents in China: that would open up for any Chinese company to build tech based on those invalid patents. By the time Qualcomm tries to sort out who is blatantly copying and who is legitimately using tech, they'll be in litigation for years.
It's the nature of any patent infringement lawsuit: Claim that something violates a patent even if it isn't remotely close. It's costly and time-consuming to fight. That's why companies buy patent portfolios: mutually assured destruction is a deterrent in patent wars.
Exposing their double dipping might have disastrous consequences in China. After all, invalidating their patents could allow a myriad of copycat chips to be made.
From what I remember Amigas were used in A/V production for many years after Commodore folded. For a long term there was nothing that competed in that space for a long time. They were relatively cheap for what they did. Avid systems could do more but they also cost a lot more. It wasn't until the availability of commercial software that could run on PCs and Macs did TV studios have an alternative.
There are exceptions. For example if you are in the entertainment industry and use your stage name is one exception. Emma Stone probably has a public FB account under "Emma Stone" but that's not her real, legal name. Her real name is Emily but there was already a registered actress with that name so she had to use "Emma". She probably has an Emily Stone account too. Lady Gaga is also not the singer's real name either.
You'd hope that happens. In most states in deaths without a will, the state decides and what the state decides can't be contested. So if they decide to give everything to your nearest relative instead splitting it amongst your friends and family, there's little anyone can do about it.
The article says this: "Queensland Law Society president and succession law specialist Christine Smyth said the law was changed in 2006 to allow for less formal types of documents to be accepted as wills."
No I did not. Japanese people have issues pronouncing "L"s. Chinese people have issues with pronouncing "R"s. The character in Blade Runner is wearing an outfit that is closer to Japanese than Chinese.
I see you missed the whole point in a way. An Asian woman raised in LA probably won't have an Asian accent. An Asian man raised in the UK probably won't have an Asian accent. Asians everywhere will not necessarily have an Asian accent. That was my whole point. Film and TV shows somehow depict them always with accents for no reason. For example Arnold from Happy Days played by Pat Morita had an accent even though Pat Morita does not. The Asian cantina owner from The Fifth Element has an accent: "You are FIR-LED". The Asian cafe owner in 2 Broke Girls has an accent. I could go on.
The stereotype is that a Japanese person in the future living in a cosmopolitan city like Los Angeles would have any sort of accent. This is what an Asian from LA really sounds like.
Windows NT would ALWAYS require you press Ctrl-Alt-Del before entering your login password.
Um. Not ALWAYS. It could be disabled by settings. And the fact of the matter is that any program could spoof the password dialog visually. For the average NT user, would they automatically remember that the had to press Ctrl-Alt-Delete before entering a password (if that settings was enabled)? Not always.
Yeah but if they compromised an iPhone owner's facial data, they could only really use it on that owner's iPhone and it would take some work. Could the facial data be used for other purposes by the NSA? Sure. But they don't need iPhones to do that already.
Originally it was "Braid Runner" after Deckard's fabulous locks but Hollywood kept it after the old Asian guy's stereotyped mispronunciation.:P I kid, I kid!
Nah, it's a fundamental flaw in iOS's UI. You will be asked for your Apple ID password ALL THE TIME on iOS. Worse, it can be triggered from inside an app by the app trying to use iCloud stuff.
Sounds like someone who's never used iOS. I'm not asked "ALL THE TIME" for my Apple ID especially if I've already set my settings. The times I'm asked for my authentication for my Apple ID, it's for my fingerprint. If I turn it off, it would ask if I purchase something (because my settings are set to this).
And there's nothing "special" about the prompt. It's a regular dialog box with a regular password field. There is nothing that suggests any difference between a real "OS needs your password" and a fake "phisher is asking for your password."
And what determines an authentic password request on Windows or Android? And that request can't be faked?
There's a reason Microsoft used to make you press Ctrl-Alt-Del to enter your password in NT. It was to ensure that you pressed a key combination that no program could read, so that you could always be sure your password was going to the OS, not a phishing program. iOS has no similar thing, and does nothing else to make it clear your password is going to the OS and not some random app.
Er what? You've confused many things. Ctrl-Alt-Del originally had nothing to do with passwords. They were on the first PCs to interrupt and reboot especially in the DOS days. Windows kept it as an interrupt and reboot confirmation in addition to being used to enter in your password the first time. However you didn't need the combination to trigger a password request as far as I remember. If your screen saver kicked in for example, you'd have to re-enter your password. it was easy enough for a program to fake a screen saver then a password dialog box.
This makes it much harder to prevent a malicious app from simply doing a face scan and uploading it to the NSA / FSB / Google / Flat Earth Society.
But what would be the harm? Yes someone might have the facial data from an iPhone. It would only work on an iPhone and you'd have to find a way to feed the iPhone the data and bypass the camera. Again it would rely on compromising an iPhone already.
Only data is stored in the secure enclave from what I understand. The secure enclave isn't an environment as it is storage area. Your scenario relies on the connection between the camera and OS being open to attack and not secured. We'll need more details but the current fingerprint scanner is secured from tampering from what I know.
OS dialog impersonation attacks are nothing new. I remember there one that popped on a browser that looked like a Fisher-Price Windows XP dialog. The first time I was on a Mac so it was obvious. The second time, it popped up on an XP machine. But the user had set their colors to the olive green XP colors and not the default blue one or it might be convincing to the user.
Slashdot Mirror
Man In The Middle attacks are not newsworthy and should not be making the front page of Slashdot, these are the equivalent of anti-Trump garbage that floods #fakenews sources.
So a flaw that affects every single Wifi network isn't newsworthy? Repeat: Every single Wifi network. Facts don't matter then to you. From what I can tell not all vendors have supplied patches yet so most people are vulnerable as they are unpatched.
Watch the researcher's video or Aruba Network's FAQ
Watch the video by the security researcher. The attack is successful because it's a man-in-the-middle attack (MITM). In the video, the hacker tricks the target's device into joining a rogue "testnetwork" that is not the real "testnetwork". As a MITM attack, any PSKs or specific username/passwords are given up by the target because it thinks it is on the real network.
WPA2 enterprise doesn't use a pre-shared key. So which is it? Does the weakness lie with pre-shared key passwords? Or something else which also affects WPA2 enterprise?
The flaw has nothing to do with passwords or pre-shared keys. All WPA2 devices are affected because the flaw is in the WPA2 protocol.
Ah, here we go. The answer is "it's complicated." I'm reading through it right now, but as a PSA:
Because some of those links don't give you the overall summary but delves into details. As a security researcher you would might find those links useful. As a regular person, it doesn't help you understand the fundamentals like: Who is affected? Everyone using WPA2. Everyone.
False dichotomy: Just because China is building coal plants doesn't mean they are also building solar plants.
I understand there's a difference between a claim and a fact. Qualcomm can claim anything they want; they have to prove it in court. However the danger to Qualcomm is that Apple can certainly retaliate. One way is to invalidate Qualcomm's patents in China: that would open up for any Chinese company to build tech based on those invalid patents. By the time Qualcomm tries to sort out who is blatantly copying and who is legitimately using tech, they'll be in litigation for years.
It's the nature of any patent infringement lawsuit: Claim that something violates a patent even if it isn't remotely close. It's costly and time-consuming to fight. That's why companies buy patent portfolios: mutually assured destruction is a deterrent in patent wars.
Exposing their double dipping might have disastrous consequences in China. After all, invalidating their patents could allow a myriad of copycat chips to be made.
From what I remember Amigas were used in A/V production for many years after Commodore folded. For a long term there was nothing that competed in that space for a long time. They were relatively cheap for what they did. Avid systems could do more but they also cost a lot more. It wasn't until the availability of commercial software that could run on PCs and Macs did TV studios have an alternative.
That's a whole lot of crazy in your post there.
I would expect that a website may not cover every single contingency in what appears to be a FAQ.
There are exceptions. For example if you are in the entertainment industry and use your stage name is one exception. Emma Stone probably has a public FB account under "Emma Stone" but that's not her real, legal name. Her real name is Emily but there was already a registered actress with that name so she had to use "Emma". She probably has an Emily Stone account too. Lady Gaga is also not the singer's real name either.
You'd hope that happens. In most states in deaths without a will, the state decides and what the state decides can't be contested. So if they decide to give everything to your nearest relative instead splitting it amongst your friends and family, there's little anyone can do about it.
The article says this: "Queensland Law Society president and succession law specialist Christine Smyth said the law was changed in 2006 to allow for less formal types of documents to be accepted as wills."
except you got it wrong.
No I did not. Japanese people have issues pronouncing "L"s. Chinese people have issues with pronouncing "R"s. The character in Blade Runner is wearing an outfit that is closer to Japanese than Chinese.
I see you missed the whole point in a way. An Asian woman raised in LA probably won't have an Asian accent. An Asian man raised in the UK probably won't have an Asian accent. Asians everywhere will not necessarily have an Asian accent. That was my whole point. Film and TV shows somehow depict them always with accents for no reason. For example Arnold from Happy Days played by Pat Morita had an accent even though Pat Morita does not. The Asian cantina owner from The Fifth Element has an accent: "You are FIR-LED". The Asian cafe owner in 2 Broke Girls has an accent. I could go on.
The stereotype is that a Japanese person in the future living in a cosmopolitan city like Los Angeles would have any sort of accent. This is what an Asian from LA really sounds like.
Windows NT would ALWAYS require you press Ctrl-Alt-Del before entering your login password.
Um. Not ALWAYS. It could be disabled by settings. And the fact of the matter is that any program could spoof the password dialog visually. For the average NT user, would they automatically remember that the had to press Ctrl-Alt-Delete before entering a password (if that settings was enabled)? Not always.
Yeah but if they compromised an iPhone owner's facial data, they could only really use it on that owner's iPhone and it would take some work. Could the facial data be used for other purposes by the NSA? Sure. But they don't need iPhones to do that already.
Originally it was "Braid Runner" after Deckard's fabulous locks but Hollywood kept it after the old Asian guy's stereotyped mispronunciation. :P I kid, I kid!
Nah, it's a fundamental flaw in iOS's UI. You will be asked for your Apple ID password ALL THE TIME on iOS. Worse, it can be triggered from inside an app by the app trying to use iCloud stuff.
Sounds like someone who's never used iOS. I'm not asked "ALL THE TIME" for my Apple ID especially if I've already set my settings. The times I'm asked for my authentication for my Apple ID, it's for my fingerprint. If I turn it off, it would ask if I purchase something (because my settings are set to this).
And there's nothing "special" about the prompt. It's a regular dialog box with a regular password field. There is nothing that suggests any difference between a real "OS needs your password" and a fake "phisher is asking for your password."
And what determines an authentic password request on Windows or Android? And that request can't be faked?
There's a reason Microsoft used to make you press Ctrl-Alt-Del to enter your password in NT. It was to ensure that you pressed a key combination that no program could read, so that you could always be sure your password was going to the OS, not a phishing program. iOS has no similar thing, and does nothing else to make it clear your password is going to the OS and not some random app.
Er what? You've confused many things. Ctrl-Alt-Del originally had nothing to do with passwords. They were on the first PCs to interrupt and reboot especially in the DOS days. Windows kept it as an interrupt and reboot confirmation in addition to being used to enter in your password the first time. However you didn't need the combination to trigger a password request as far as I remember. If your screen saver kicked in for example, you'd have to re-enter your password. it was easy enough for a program to fake a screen saver then a password dialog box.
This makes it much harder to prevent a malicious app from simply doing a face scan and uploading it to the NSA / FSB / Google / Flat Earth Society.
But what would be the harm? Yes someone might have the facial data from an iPhone. It would only work on an iPhone and you'd have to find a way to feed the iPhone the data and bypass the camera. Again it would rely on compromising an iPhone already.
Especially Android face recognition is based on optical cameras and not IR cameras.
Only data is stored in the secure enclave from what I understand. The secure enclave isn't an environment as it is storage area. Your scenario relies on the connection between the camera and OS being open to attack and not secured. We'll need more details but the current fingerprint scanner is secured from tampering from what I know.
OS dialog impersonation attacks are nothing new. I remember there one that popped on a browser that looked like a Fisher-Price Windows XP dialog. The first time I was on a Mac so it was obvious. The second time, it popped up on an XP machine. But the user had set their colors to the olive green XP colors and not the default blue one or it might be convincing to the user.