Major vulnerability found in Wi-Fi encryption, Android worst affected

A major vulnerability has been discovered in Wi-Fi encryption that can allow attackers to read Wi-Fi traffic between devices and wireless access points. Attackers can even modify the key to inject malware into websites. Researchers have disclosed that Android and Linux-based devices are the worst affected. Researchers claim the attack works against all modern Wi-Fi networks using WPA or WPA 2 encryption, and that the weakness is in the Wi-Fi standard itself so it affects macOS, Windows, Android, and Linux devices.

The attack requires that a device be in range to a malicious device. By intercepting traffic, attackers can read information that was previously assumed to be safely encrypted, and hackers don’t need to even crack a Wi-Fi password to achieve this.

This hack can be used to steal credit card numbers, passwords, chat messages, photos, emails, and much more.

41 percent of Android devices are vulnerable to this new Wi-Fi attack. Android devices will require security patches to protect against this. Currently, the exploit doesn’t target access points. The attack exploits vulnerabilities in the 4-way handshake of the WPA2 protocol, a security handshake that ensures client and access points have the same password when joining a Wi-Fi network.

As this is a client-based attack, expect to see a number of patches for devices in the coming weeks.

Should I change my Wi-Fi password?

Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack. So you do not have to update the password of your Wi-Fi network. Instead, you should make sure all your devices are updated, and you should also update the firmware of your router. After updating your router, you can optionally change the Wi-Fi password as an extra precaution.

I’m using WPA2 with only AES. That’s also vulnerable?

Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP).

Is my device vulnerable?

Any device that uses Wi-Fi is likely vulnerable. Contact your vendor for more information.


Windows Subsystem for Linux finally out of Beta

Microsoft has announced that the full version of Windows Subsystem for Linux (WSL) will roll out with Windows 10 Fall Creators Update (FCU). Windows Subsystem for Linux (WSL) is now out of beta and will become a fully supported Windows feature. Early adopters on the Windows Insider program will notice that WSL is no longer marked as a beta feature as of Insider build 16251.

This will be great news for those who’ve held-back from employing WSL as a mainline toolset: You’ll now be able to leverage WSL as a day-to-day developer toolset, and become ever more productive when building, testing, deploying and managing your apps and systems on Windows 10.

Windows Subsystem for Linux - Sihmar
Windows Subsystem for Linux in Windows 10 build 16251.

Caveat Emptor

  • Run Linux Command-line tools for development and (basic) administration.
  • Share and access files on the Windows filesystem from within Linux.
  • Invoke Windows processes from Linux, e.g.
    ~$ cd /mnt/c/temp/ && echo “Hello” > hello.txt && notepad.exe hello.txt.
  • Invoke Linux processes from Windows command-line, e.g.:
    C:\> bash -c “fortune | cowsay”

NOT supported:

  • Linux distro’s running atop WSL are for interactive user scenarios, NOT for running production workloads on Apache/nginx/MySQL/MongoDB/etc.
  • Linux files are NOT accessible from Windows (we’re working to improve this scenario over time).
  • NO current plans to support X/GUI apps, desktops, servers, etc. at this time.

According to the Microsoft, they support the WSL infrastructure and tooling and on the other hand, Distro-publishers are responsible for their distro internals.


Microsoft PowerShell for Linux and OS X now available

Microsoft has announced that PowerShell is now open source project. PowerShell is also now available on Linux and macOS. Developers can download PowerShell open source project from GitHub. There are other alpha versions available for the Ubuntu, Centos, Red Hat variants of Linux and OS X 10.11.

Microsoft posted in official blog:

Now, users across Windows and Linux, current and new PowerShell users, even application developers can experience a rich interactive scripting language as well as a heterogeneous automation and configuration management that works well with your existing tools. Your PowerShell skills are now even more marketable, and your Windows and Linux teams, who may have had to work separately, can now work together more easily.

Download PowerShell


Skype for Linux released as alpha, More coming to Chrome and Chromebook

Skype released its alpha version for Linux. New Skype alpha is built on WebRTC, a protocol allowing Skype to connect with a variety of clients, including Linux. Chrome and Chromebook also support the WebRTC and ORTC protocols, so that visiting will provide the same features as the Skype for Linux client, including video calling. Calls to landlines and mobile devices both coming later. There is lots more to come to Skype for Chromebooks.

Official Skype blog says:

Once you’ve downloaded the app, you’ll notice that it’s very different to the Skype for Linux client you use today. For example, you’ll be using the latest, fastest and most responsive Skype UI, so you can share files, photos, videos and a whole new range of new emoticons with your friends.