ZDNet: Here’s every patch for KRACK Wi-Fi vulnerability available right now. “In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. Who’s on top of the game?”
Ars Technica: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping. “An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.”
The Hacker News: Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months. “Beware, if you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. For at least the last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.”
Phys.org: Computer scientists address gap in messaging privacy. “Researchers have developed a solution to a longstanding problem in the field of end-to-end encryption, a technique that ensures that only sender and recipient can read a message. With current end-to-end encryption, if an attacker compromises a recipient’s device, they can then put themselves in a position to intercept, read and alter all future communications without sender or recipient ever knowing.”
The Register: Google to kill Symantec certs in Chrome 66, due in early 2018. “Google has detailed its plan to deprecate Symantec-issued certificates in Chrome. The decision to end-of-life its trust for Symantec certificates was the outcome of a long tussle over dodgy certificates, which came to a head when certs for example.com and various permutations of test.com escaped into the wild.”
Hongkiat: A Look into VeraCrypt – A Powerful Data Encryption Tool. “VeraCrypt, the successor of TrueCrypt, is a free, multi-platform, on-the-fly encryption program similar to the Microsoft’s BitLocker. The former, surprisingly, works on various platforms including Windows, MacOS, Linux and Raspbian, unlike the latter.” A handy article, especially if you had to abandon TrueCrypt after all its weirdness.
ABC News (Australia): Facebook, Google obliged to decrypt online messages to help Government fight terrorism. “Social media giants like Facebook and Google will face new laws to compel them to help Australian security agencies get access to encrypted messages from suspected terrorists and other criminals.”