KRACK Wi-Fi flaw: What you should know

Cybersecurity researchers have discovered a vulnerability in Wi-Fi which means hackers could intercept communications between our devices and the Wi-Fi router.

This flaw could take advantage of vulnerabilities in the WPA2 security protocol, which is used to secure the majority of modern Wi-Fi networks.

lock istock enzozo 2 2

The main attack, which the researchers claim is against the four-way handshake of the WPA2 protocol, which is used to create a key for encrypting internet traffic, works by interrupting the third step, in which the encryption key can be resent multiple times.

Once this has been done, the process of encryption is undermined, leaving systems vulnerable.

KRACK could affect devices running the Android, Linux, Apple and Windows, although Android and Linux are thought to be at particular risk.

Read next: The most secure browsers of 2017.

“Everyone using Wi-Fi is vulnerable. The protocol-level weakness impacts both WPA1 and WPA2 protocols (those used to secure both home and enterprise Wi-Fi networks),” says Bob Rudis, chief data scientist at Rapid7.

“Attackers only need to be within signal range of your Wi-Fi networks. No authentication is required.

“Organisations and home users should actively check for patches for their Wi-Fi access points and patch them immediately after a fix has been issued by vendors,” he adds.

To limit the effects of the security flaw, experts advise connecting to Wi-Fi networks via a VPN, monitor networks and apply a security patch where possible.

Read next: Best VPNs 2017.

“All users should use a VPN service when connected via public Wi-Fi or fully ensure they only connect to websites over HTTPS,” Rudis explains.

‘+article.headline
+”;
listEl.prepend(‘

‘);
articleIndex++;
}
listEl.show();//show unit
});
});

GitHub on the hunt for a new diversity lead

GitHub is still searching for someone to head up its diversity efforts, three months after social impact VP Nicole Sanchez resigned.

“We’ve got searches going for that position,” chief strategy officer Julio Avalos told Techworld.

© GitHub
© GitHub

The person hired will be responsible for internal diversity and inclusion efforts, he explained.

The company has a Code of Conduct and a seven-strong ‘community and safety’ team, both of which are aimed at ensuring the platform is as inclusive as possible for developers who use it.

However Avalos admitted that the software development sector “100 percent” has an image problem.

“Tech requires something of a Promethean effort. It is like bringing fire. There’s some vestigal thing in the industry, we’re keeping the fire to ourselves in some way. There’s an elitism that needs to be broken up and democratised,” he said.

GitHub, a code repository used by developers launched a decade ago, held its annual ‘GitHub Universe’ conference this week.

The company announced several new features to its platform, including:

  • A new feature that alerts developers if their code includes security vulnerabilities and suggests a fix where one is available. 
  • A new ‘dependency graph’ which shows developers all of the packages and applications they are connected to, plus all projects their code depends on and vice versa.
  • An updated news feed which includes recommendations for open source projects to explore, based on the people you follow, repositories you star and what’s popular on GitHub.

GitHub also announced the latest statistics for its platform, which show it is used by 24 million people across 200 countries. The most popular programming languages on GitHub are Javascript, Java and Python, in that order.