Security

Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords (hashcat.net) 150

New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the received frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker doesn't depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.
Technology

Podcasting is Not Walled (Yet) (rakhim.org) 86

Rakhim Davletkaliyev, a software developer, writer and podcaster, recently launched two new podcasts. One of the things he was asked by people following the launches was "but how do I subscribe, it's not on iTunes/Google Podcasts?" He writes: Podcasts are simply RSS feeds with links to media files (usually mp3s). A podcast is basically a URL. And podcast clients are special browsers. They check that URL regularly and download new episodes if the content of the URL changes (new link added). That's it, no magic, no special membership or anything else required. The technology is pretty "stupid" in a good way.

Ever since tech companies started waging war against RSS, podcast distribution became visually RSS-free. What do you do to subscribe? Easy, just search in the app! For the majority of iOS users that app is Apple Podcasts, and recently Google made their own "default client" for Android -- Google Podcasts. It looks like podcast clients are similar to web browsers and just provide a way to consume content, but the underlying listings make them very different. Corresponding services are actually isolated catalogs. When you perform a search on Apple Podcasts, you aren't searching for podcasts. You are searching for Apple-approved podcasts. And if the thing you're looking for is not there, then... well, you get nothing.

Most Podcast clients still accept RSS. Apple Podcasts, iTunes, PocketCasts, OverCast, PodcastAddict. Google Play Music doesn't say anything explicitly, but you can just put RSS URL into the search field and it works. For now. I won't be surprised if these apps gradually and silently remove this feature.

Security

Cybersecurity's Insidious New Threat: Workforce Stress (technologyreview.com) 58

This week's Black Hat event will highlight job-related stress and mental health issues in the cyber workforce. From a report: The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new "community" track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught. With titles like "Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community" and "Holding on for Tonight: Addiction in Infosec," several of the sessions will address pressures on security teams and the negative impact these can have on workers' wellbeing.

"A lot of people in this space feel strongly about wanting to protect their users," says Jamie Tomasello of Duo Security, who is one of the speakers. "Where this becomes challenging is when people are under sustained high stress. That increases the risk of depression and mental illness." The impact on cyber defenders' lives is deeply concerning, as are the broader implications for security. In spite of a push for greater automation, many tasks in cyber defense are still labor intensive. Workers experiencing mental health issues are more likely to make mistakes and to have performance issues that require colleagues to pick up the slack, increasing the likelihood they will make errors too.

Submission + - A New Biofilament for Your 3D Printer (nature.com)

smugfunt writes: Taking inspiration from a kind of mushroom, scientists from Singapore have created a polymer composite from cellulose and chitosan, both abundant natural materials, which has properties a bit like wood and a bit like plastic. It is less dense than both and can be extruded as a paste before drying to a solid material that can be finished with normal woodworking tools. It also sticks strongly to wood.
It is biodegradable and needs no harsh solvents or extreme conditions to produce.
They call it Fungus-Like Additive Material or FLAM and say it costs about a tenth the price of PLA or ABS filament.

Submission + - Canada's "Amber Alert" fiasco

knorthern knight writes: Canada's "Alertready" system https://www.alertready.ca/#faq is stupid. You can *NOT* opt out of cellphone alerts. This is because Alertready (ab)uses the unblockable "Presidential Alert" level (intended for incoming missiles, etc) for *ALL* alerts. The story of the first live alert is at http://www.cbc.ca/news/canada/... There were 3 "Presidential" alerts issued for the incident...
1) In English
2) In French
3) A bilingual "alert", saying the kid had been found safe

The OPP (Ontario Provincial Police) displayed appalling ignorance. They claimed that it was necessary to alert the entire province because people from eastern Ontario might have been visiting Thunder Bay. This is absolute ignorance. The Alertready website FAQ says that the alerts are specific to individual cell towers, and that all compatible cellphones served by the tower will receive the alert regardless of where the phone is registered to.

Right now the only ways to avoid these messages are
* force your cellphone down to 3G (Alertready only works on LTE)
* get a custom ROM, e.g. Lineage OS, for your cellphone, with "Presidential Alerts" disabled

Submission + - A Fleet of Sailing Robots Sets Out to Quantify the Oceans (bloomberg.com)

pacopico writes: A start-up in California called Saildrone has built a fleet of robotic sailboats that are gathering tons of data about the oceans. The saildrones rely on a hard, carbon-fiber sail to catch wind and solar panels to power all of their electronics and sensors. From a Businessweek story, "Each drone carries at least $100,000 of electronics, batteries, and related gear. Devices near the tip of the sail measure wind speed and direction, sunlight, air temperature and pressure, and humidity. Across the top of the drone’s body, other electronics track wave height and period, carbon dioxide levels, and the strength of the Earth’s magnetic field. Underwater, sensors monitor currents, dissolved oxygen levels, and water temperature, acidity, and salinity. Sonars and other acoustic instruments try to identify animal life." So far, they've been used to find sharks, monitor fisheries, check on climate change and provide weather forecasts. Saildrone just raised $90 million to build a fleet of 1,000 drones, which it thinks will be enough to measure all of the world's oceans.

Submission + - 81 Year Old Commodore Amiga Artist/Programmer - Samia Halaby (youtube.com)

erickhill writes: Short (9 minute) video documentary of Samia Halaby.

Samia Halaby is a world renowned painter who purchased a Commodore Amiga 1000 in 1985 at the tender age of 50 years old. She taught herself the BASIC and C programming languages to create "kinetic paintings" with the Amiga and has been using the Amiga ever since. Samia has exhibited in prestigious venues such as The Guggenheim Museum, The British Museum, Lincoln Center, The Chicago Institute of Art, Arab World Institute, Mathaf: Arab Museum of Modern Art, Sakakini Art Center, and Ayyam Gallery just to name a few.

Submission + - New Technology allows Computers To Process and Remember - More Like Human Brains

the gmr writes: According to a recent article published in the journal Nature, researchers at Northwestern University’s McCormick School of Engineering have developed a "memtransistor," a device that both stores information in memory and processes information, reported an article on Futurism. The combined transistor and memory resistor works more like a neuron and purports to make computing more brain-like. The new "memtransistor" would use less energy than digital computers and eliminate the need to run memory and processing as separate functions while also being more brain-like.

Lead researcher Mark C. Hersam clarified the brain-like efficacy of the memtransistor:

in the brain, we don’t usually have one neuron connected to only one other neuron. Instead, one neuron is connected to multiple other neurons to form a network. Our device structure allows multiple contacts, which is similar to the multiple synapses in neurons... [but] making dozens of devices, as we have done in our paper, is different than making a billion.

Hersam reported no barriers to scaling up to billions of devices. This new technology would make smart devices more capable and possibly more seemingly-human. The devices may also promote advances in neural networks and brain-computer interfaces, new technologies also recently reported at Futurism.

Submission + - Coffee Beans Are Good for Birds, Fancy Brew or Not (nytimes.com)

Zorro writes: Birds are not as picky about their coffee as people are.

Although coffee snobs prefer arabica beans to robusta, a new study in India found that growing coffee does not interfere with biodiversity — no matter which bean the farmer chooses.

In the Western Ghats region of India, a mountainous area parallel to the subcontinent’s western coast, both arabica and robusta beans are grown as bushes under larger trees — unlike in South America, where the coffee plants themselves grow as large as trees, said Krithi Karanth, who helped lead the study, published Friday in the journal Scientific Reports.

Submission + - The Future of Free and Open-Source Maps

Grady Martin writes: Former OpenStreetMap contributor and Google Summer of Code mentor Serge Wroclawski has outlined "why OpenStreetMap is in serious trouble," citing unclear usage policies, poor geocoding (address-to-coordinate conversion), and a lack of a review model as reasons for the project's decline in quality. Perhaps more interesting, however, are the problems purported to stem from OpenStreetMap's power structure:

In the case of OpenStreetMap, there is a formal entity which owns the data, called the OpenStreetMap Foundation. But at the same time, the ultimate choices for the website, the geographic database and the infrastructure are not under the direct control of the Foundation, but instead rest largely on one individual, who (while personally friendly) ranges from skeptical to openly hostile to change.
