The Wi-Fi threat, named KRACK (for "Key Reinstallation AttaCK"), was described yesterday in a paper released by Belgian researchers Mathy Vanhoef and Frank Piessens. The Infineon vulnerability, which could allow hackers to determine a private RSA key based on the public key, was dubbed "ROCA" by Czech and Slovak researchers who will present their findings at a security conference in two weeks.
In both cases, security experts are advising users of either Wi-Fi or RSA encryption technologies to update their devices as soon as possible as patches become available.
'Blindingly Obvious'... in Hindsight
According to Vanhoef and Piessens, pretty much any device with Wi-Fi capabilities could be vulnerable to a KRACK attack, which can be launched by tricking a targeted wireless device into reinstalling a cryptographic key that's already in use. Although the attack hasn't been observed in the wild, the researchers said the flaw exposed serious weaknesses in the WPA2 wireless security protocol that could allow an attacker to replay, decrypt and forge data sent to and from a victim's device via Wi-Fi.
"This meets my definition of brilliant," cybersecurity expert Bruce Schneier wrote on his blog. "The attack is blindingly obvious once it's pointed out, but for over a decade no one noticed it."
In a separate blog post yesterday, Matthew Green, a cryptography expert at Johns Hopkins University, pointed a finger at the institutional processes used to develop and approve IT security standards.
"If you're looking for someone to blame, a good place to start is the IEEE," Green wrote. "One of the problems with IEEE is that the...
The Surface Book 2 boasts up to five times the graphics performance of the original version of the laptop, released two years ago. It will be available in mid-November, in both a 13.5-inch and 15-inch version, and have the ability to run heavy-duty creative software such as the Adobe suite and play a multitude of video games.
Microsoft announced the computer, the highest-end notebook of its three Surface-branded laptops, as an answer to Apple's MacBook series, which has been losing dominance in the market.
The Surface Book 2 will be "twice as powerful as the new MacBook Pro," said Yusuf Mehdi, the corporate vice president who oversees Windows and Device marketing.
Like its earlier version, the laptop features a removable screen so it can be used as a tablet. The small gap between screen and keyboard when the laptop is closed also will remain -- a feature that irritated some users because they said dust can enter in the gap.
Microsoft also sells the less powerful Surface Pro and Surface Laptop in the line, and a sophisticated desktop computer, the Surface Studio.
Prices start at $1,499 for the 13.5-inch Book and $2,499 for the 15-inch. Both are available for pre-order Nov. 9, and generally available on Nov. 16. The 15-inch will only be available in the United States.
Dubbed the Fall Creators Update, the package will make its way in waves to the more than 500 million Windows 10 users starting this week. Business users have the ability to delay updates.
"We think 3-D will take off," said Yusuf Mehdi, a corporate vice president who leads marketing for Microsoft's Windows and Devices unit.
The update adds support for a slate of virtual-reality headsets -- made by Samsung, HP, Acer and others -- designed for use with a PC.
High-end personal computers were already the base for the major virtual-reality headsets released last year, including Oculus Rift and the HTC Vive. Microsoft is aiming to broaden that market by adapting Windows 10 to the newer, sometimes cheaper, devices. The first headsets in that wave will be available Tuesday.
"You're going to see new forms of entertainment. What used to be sci-fi is going to become our life," Mehdi said, adding that "it's early across the board" for virtual reality.
Microsoft is also adding the capability to plant and manipulate 3-D objects into its Office suite, opening up the capability to display a profile of a sports car in a PowerPoint presentation, and rotate it in three dimensions.
Another feature, the Windows Mixed Reality Viewer, can superimpose a model of a 3-D object into an image from a PC camera, to, say, give the viewer a sense of scale of the car by comparing it to a person in a room.
It's an experience most would recognize from Pokémon Go, last year's hit mobile game that...
To be sure, the Pixel 2 is a solid phone. It's not as elegantly designed as an iPhone or a Samsung Galaxy phone. But it delivers a strong tie-in to Google's services, including those intended to fetch what you need automatically.
Visual Search Engine
The Pixel 2 comes with Google Lens, a way of searching Google just by pointing your camera at a landmark, object or storefront. This can give you quick access to reviews and store hours. It might help identify that mysterious building you walk by every day. Google Lens will also pull out web addresses and phone numbers from signs so you can browse or call with just a tap.
The feature correctly identified paintings of obscure figures in American history at a museum in New York, and it knew which Starbucks I was standing in front of, out of several in the neighborhood. But it's not foolproof: The iconic United Nations building came across as a generic tower.
I found Google Lens slightly more reliable than a similar Samsung feature, Bixby Vision. Bixby tended to miss on identifying businesses; a Chinatown bakery serving pork buns was thought to be a CrossFit gym -- quite the opposite. On the other hand, Bixby identified a plaque dedicated to a Titanic victim, while Google just said, "Hmm."
It's a good start, but both still have work to do. And for now, Google Lens requires you to take a photo first. Seamless, instant analysis is "coming soon." All you'll have...
The big burden that Netflix is shouldering hasn't been a major concern on Wall Street so far, as CEO Reed Hastings' strategy has been paying off.
The billions of dollars that Netflix has borrowed to pay for exclusive series such as "House of Cards," "Stranger Things," and "The Crown" has helped its service more than triple its global audience during the past four years -- leaving it with 109 million subscribers worldwide through September.
That figure includes 5.3 million subscribers added during the July-September period, according to Netflix's quarterly earnings report released Monday. The growth exceeded management forecasts and analyst projections. Netflix's stock rose 1 percent in extended trading, putting it on track to touch new highs Tuesday. The shares have increased by about five-fold during the past four years.
If the subscribers keep coming at the current pace, Netflix may surpass its role model -- HBO -- within the next few years. HBO started this year with 134 million subscribers worldwide.
"We are running around 100 miles an hour doing our thing around the world," Hastings said during a review of the third-quarter results.
But Netflix's subscriber growth could slow if it can't continue to win programming rights to hit TV series and movies, now that there are more competitors, including Apple, Amazon, Hulu and YouTube.
If that happens, there will be more attention on Netflix's huge programming bills, and "then we could see an investor backlash," CFRA Research analyst Tuna Amobi says. "But Netflix has been delivering great subscriber growth so far."
Netflix's long-term debt and other obligations totaled $21.9 billion as of Sept. 30, up from $16.8 billion at the same time last...
That's according to Arianna Huffington, an Uber board member, who said Monday in an onstage interview that the massive, thorny deal is "very likely" to come together on that timetable. Uber's board has been haggling with the Japanese conglomerate over the price at which the ride-hailing company will sell its shares. If the price is too low, the "tender offer" will likely fail and no shares will be sold.
Recode reported earlier tonight that the deal was close to being struck.
Huffington, speaking at the Wall Street Journal's D.Live conference in Laguna Beach, declined to reveal the price - although it is expected to value Uber at around $50 billion. But some current Uber shareholders are likely to demand a higher share price if they are to sell stock in the company that was valued by private investors in the last financing round at $68 billion.
SoftBank is seeking to acquire at least 14% of the company. The board has kickstarted a sale process that will only succeed if enough sellers are interested in parting with their ownership stake. The sale is also tied to a series of governance reforms meant to restrain several early Uber shareholders, most especially ousted Uber CEO Travis Kalanick.
Huffington, who joined the board last year and has been a staunch defender of Kalanick, jokingly described the tension at the company as "beyond crazy." She did note she is a major fan of Kalanick's replacement, former Expedia CEO Dara Khosrowshahi, whom she compared to Roman emperor Marcus Aurelius.
But Huffington also acknowledged that Uber had suffered due to Kalanick's mistakes, which she said primarily revolved around...
The app, launched this summer in 36 US states only, has received more than five million downloads in a short space of time, thanks to its unique twist on the anonymous-messaging model of previous viral hits such as Secret, YikYak and Sarahah.
Users of the app are shown a positive question, asking them who "makes you laugh the hardest" or "has the most integrity," along with a selection of four of their Facebook friends. The person they select as the answer is told that they were given the compliment, but not by who.
The model allows for the same sort of pleasant interaction with friends that previous anonymous messaging apps have enabled at their best moments, receiving nice messages from people who might be too embarrassed to say the same in person -- as well as enabling a fair amount of anonymous flirting.
But it avoids the downside of many of its competitors, which is their capacity for anonymous bullying. By forcing users to only communicate through pre-checked questions, the app can keep things positive.
It seems to have worked: in a statement posted to the company's website, TBH said that more than 1bn messages had been sent since it launched.
At least for the moment, the acquisition won't change how TBH works. Similar to Instagram and WhatsApp, Facebook is leaving the app to run largely unaltered, with the same staff now operating from its Menlo Park headquarters.
"When we met with Facebook, we realized that we shared many of the same core values about connecting people through positive interactions," TBH said in its statement. "Most of all, we were compelled by the ways they could help us realize...
The Enhanced Mobile service reduces the chance of missing important calls and eliminates the need for customers to keep track of or call multiple numbers (cell or office). It can also reduce the frustration of "voice jail" by increasing the likelihood that callers will reach the person they want directly, rather than having their calls rerouted to a receptionist or a company voicemail system.
Since the service is network-based, users don't have to download a special app to speak with someone using Enhanced Mobile. Calls go over the VoLTE network, which according to AT&T, gives a higher Quality of Service (QoS) and does not use data.
The main benefit of the new service is for businesses with a mobile workforce. Sales and customer service reps who work on-the-go no longer need to manage different phone lines and voicemail boxes, which means they should be able to provide better, more efficient service.
Roman Pacewicz, who serves as chief product officer for AT&T Business, says the new Collaborate Enhanced Mobile service effectively "blurs the line between fixed and mobile networks." And, he says, it gives businesses a cost-effective way to simplify communication across AT&T's highly secure network.
In addition to improving the customer experience, other features and benefits outlined by AT&T include:
- Simultaneous and sequential ring options that let you keep calls from going straight to voicemail when you need to catch important incoming calls
- Business Auto Attendant -- a voice response service that routes calls where you need them to go
- Caller...
The justices intervened in a case of a federal drug trafficking investigation that sought emails that Microsoft keeps on a server in Ireland. The federal appeals court in New York said that the emails are beyond the reach of a search warrant issued by an American judge.
The Trump administration and 33 states told the court that the decision is impeding investigations into terrorism, drug trafficking, fraud and child pornography because other courts are relying on the ruling in preventing U.S. and state authorities from obtaining information kept abroad.
The case is among several legal clashes that Redmond, Washington-based Microsoft and other technology companies have had with the government over questions of digital privacy and authorities' need for information to combat crime and extremism.
Privacy law experts say the companies have been more willing to push back against the government since the leak of classified information detailing America's surveillance programs.
The case also highlights the difficulty that judges face in trying to square decades-old laws with new technological developments. In urging the high court to stay out of the case, Microsoft said Congress needs to bring the law into the age of cloud computing.
In 2013, federal investigators obtained a warrant under a 1986 law for emails from an account they believe was being used in illegal drug transactions as well as identifying information about the user of the email account.
Microsoft turned over the information, but went to court to defend its decision not to hand over the emails from Ireland.
The federal appeals court in New York agreed with the company. The administration in its Supreme Court appeal said...
The weakness could enable a so-called "KRACK" (Key Reinstallation AttaCK) attack on the four-way cryptographic handshake system used to establish communications connections via WPA2. By launching such an attack, a hacker could reinstall a previously used cryptographic key and then access all the data sent and received by a wireless device.
What's more, an attacker could also use that wireless access to inject malicious data, such as ransomware, into the traffic streaming to an affected device.
While there's no indication yet that the vulnerability has been exploited in the wild, the Wi-Fi Alliance said it is urging device vendors to integrate patches quickly. When those become available, users should immediately update their wireless devices to reduce their risks of being hacked.
'Works against All Modern Wi-Fi Networks'
In a proof-of-concept paper released today and scheduled to be presented at a security conference next month, Catholic University of Leuven researchers Mathy Vanhoef and Frank Piessens described how flaws in Wi-Fi security protocols could be exploited by tricking a targeted wireless device into reinstalling a cryptographic key that's already in use. That reinstallation breaks the handshakes used to establish a secure connection and could allow an attacker to replay, decrypt, and forge data sent wirelessly to and from the victim's device.
"[A]ttackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Vanhoef noted on the Key Reinstallation Attacks Web site he launched to describe how KRACK works. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks."...
Clinton told Australian Broadcasting Corp. in an interview broadcast on Monday that the Australian whistleblower had "become a kind of nihilistic opportunist who does the bidding of a dictator," Russian President Vladimir Putin.
"He's a tool of Russian intelligence, and if he's such a ... martyr of free speech, why doesn't WikiLeaks ever publish anything coming out of Russia?" she said.
Clinton was complaining about WikiLeaks' publication during the 2016 election campaign of politically damaging emails from the Democratic National Committee.
Assange, who is holed up in Ecuador's embassy in London, hit back at Clinton's interview, tweeting that she was "not a credible person."
"It is not just her constant lying. It is not just that she throws off menacing glares and seethes thwarted entitlement," he tweeted. "Watch closely. Something much darker rides along with it. A cold creepiness rarely seen."
In the interview, Clinton rejected reporter Sarah Ferguson's proposition that Assange was simply performing a journalist's role by publishing information.
"There was a concerted operation between WikiLeaks and Russia and most likely people in the United States to, as I say, weaponize that information, to make up stories, outlandish, often terrible stories that had no basis in fact, no basis even in the emails themselves, but which were used to denigrate me, my campaign, people who supported me, and to help (Donald) Trump," Clinton said.
"WikiLeaks is unfortunately now practically a fully owned subsidiary of Russian intelligence," she said.
The 45-year-old Australian fled to the embassy in 2012 to avoid extradition to Sweden over an investigation of sexual offense allegations. Despite a Swedish prosecutor announcing in May that he was no longer the target of an...
The IRS had contracted with Equifax to validate the identity of taxpayers communicating with the agency on the telephone or through its website.
In a statement Friday, the IRS said it suspended the contract as "a precautionary step" while the agency reviews the company's security systems.
"During this suspension, the IRS will continue its review of Equifax systems and security," the statement reads. "There is still no indication of any compromise of the limited IRS data shared under the contract."
Equifax revealed in September that hackers had obtained the personal information of more than 145 million people. Hackers stole Social Security numbers, birth dates and addresses, and in some cases driver's license numbers.
Equifax CEO Richard Smith stepped down. He later went before Congress for a public shaming in which he apologized.
Members of Congress from both political parties expressed outrage over the IRS contract.
"Given that Equifax failed to secure their own systems and provide timely notifications of a massive security breach, they should have never been an option for hire by the IRS," said Sen. Orrin Hatch, R-Utah, chairman of the Senate Finance Committee.
Sen. Sherrod Brown, D-Ohio, said: "Suspending the IRS contract is only the first step. We cannot know taxpayers are protected until Equifax is banned from all federal contracts."
Equifax issued a statement Friday that said, "We remain confident that we are the best party to perform the services required in this contract. We are engaging IRS officials to review the facts and clarify available options."
While the contract is suspended, taxpayers will not be able to create new accounts in the tax agency's Secure Access program, which...
The move is happening as Google says shopping will be available later this year through Google Assistant on iPhone and Android phones, joining its Google Home device and Android TV. So shoppers can shout out orders to their phone while they're running around doing errands or just walking.
Target Corp. joins Walmart and Home Depot among others in partnering with Google on voice shopping as they seek to compete against Amazon's dominance with its Echo devices. Amazon started offering Echo voice assistants in late 2014, while Google made its debut with Google Home earlier this year.
Target is also expanding nationwide its Google Express program that offers faster delivery from a test program in New York City and California. Shoppers will be able to get deliveries within two days since the items will be shipped to a nearby Target store for free provided the purchase meets the $35 order minimum. Next year, Target shoppers will be able to pick up their online purchases at a Target store where orders are ready in two hours as part of the Google Express program. They'll also be able to use Target's loyalty card as an option for Google Express shoppers, giving them such benefits as a 5 percent discount off most purchases.
Like many retailers, Target has been offering more shopping options. This past summer, for example, the Minneapolis discounter began expanding its next-day essentials delivery service that it was testing to the Atlanta, Chicago, Los Angeles, New York, Philadelphia, San Francisco, St. Louis, and Washington, D.C./Baltimore areas.
"We have lots of different choices of how they buy from us," said Mike McNamara, Target's chief information and digital officer. He...
The dismissals come at a crucial point for the company, which is pushing to increase vehicle production five-fold and reach a broader market with its new Model 3 sedan. The electric vehicle maker missed targets for producing the lower-cost sedan, manufacturing only 260 last quarter despite a wait list of more than 450,000 customers.
The company said this week's dismissals were the result of a company-wide annual review, and insisted they were not layoffs. Some workers received promotions and bonuses, and the company expects to hire for the "vast majority" of new vacancies, a spokesman said.
"As with any company, especially one of over 33,000 employees, performance reviews also occasionally result in employee departures," a spokesman said. "Tesla is continuing to grow and hire new employees around the world."
In multiple interviews, former and current employees told this news organization little or no warning preceded the dismissals. The workers interviewed include trained engineers working on vehicle design and production, a supervisor and factory employees.
Workers estimated between 400 and 700 employees have been fired. Tesla refused to say how many employees were let go, although the company expects employee turnover to be similar to last year's attrition.
The spokesman said most of the dismissals were administrative and sales positions, and outside of manufacturing. Tesla employs about 10,000 workers at its Fremont factory.
Workers spoke on the condition of anonymity because they feared reprisals from the company. Employees said the firings have lowered morale through many departments. Several said Model X, Model S and former SolarCity operations seemed to be targeted.
Juan Maldonado, a production worker, felt the tap on his shoulder on Thursday. He worked at Tesla for nearly four years, and said...
The new top-end Huawei features a 6 inch, 18:9 elongated OLED screen, matching its Samsung rivals with tiny bezels at the side, top and bottom, which are only just big enough to fit the front-facing camera and sensors at the top and company logo at the bottom.
The back of the phone is curved glass, with metal sides that feel significantly more premium than previous Mate smartphones, matching the level of build-quality and design of rivals.
"The Mate 10 shows Huawei can now produce devices that can really compete with the quality of flagship devices like Apple," said Francisco Jeronimo, research director for European mobile devices at research firm IDC.
The Mate 10 will ship Huawei's custom version of Android EMUI 8, which will be built on Android 8 Oreo. It will be one of the first smartphones to ship with Oreo, which was released on 21 August.
The Mate 10 Pro also features Huawei's latest Kirin 970 processor, which has a neural processor built in, in similar fashion to Apple's A11 Bionic processor in the iPhone 8, as well as a dual camera setup on the back with one colour 12-megapixel sensor joined to a 20-megapixel monochrome sensor.
Huawei is using the neural processor to run on-device artificial intelligence for advanced scene detection, live translation through the camera and computational photography techniques combining images from the two image sensors for portrait mode and other camera tricks.
But the company is also pushing built-in AI that is capable of learning a user's habits, so that the...