Video instructions and help with filling out and completing Form 2220 Taxpayers

Instructions and Help about Form 2220 Taxpayers

Crack is bad for Wi-Fi Equifax loses their IRS contract and an RSA crypto key is vulnerable to being reverse engineered all that coming up now on threat wire greetings I am Shannon Morse and this is threat wire for October 17 2017 your summary of the threats to our security privacy and Internet freedom if you haven't checked out our patreon yet please do so we have lots that we want to do for the show but we can't do it without your support patreon.com slash threat wire is the place to support threat wire and the link is in the show notes and also real quick I just wanted to let you know that I am giving away a Nintendo NES classic over on my texting youtube channel all you have to do is go over there to youtube.com slash tech thing make sure to comment on the most recent episode from this last week and make sure to subscribe so you know when we announce the winner and now on to the news on Sunday night I just happen to check Twitter to see a whole ton of info SEC professionals talking about a rumored new attack against wpa2 people said that it was legit but no sources were given publicly it turns out it is true and wpa2 is vulnerable wpa2 is the de-facto Wi-Fi protocol that is suggested for securing your home networks and businesses if you rely on wireless uses wpa2 has better encryption than the much older WEP and it requires you to know a passphrase to login to a Wi-Fi network hence the name which means Wi-Fi protected access a flaw dubbed crack for key reinstallation attack was discovered in the security of wpa2 by a security researcher named Mattie Van Hoff and presented at blackhat Europe and the computer and communications security conference I'll provide the links below to their write-up as well as the cert and CC information for wireless vendors down below in the show notes so basically you can assume that you're vulnerable to this attack if you have implemented wpa2 on your router or any of your client devices that you own be it your smartphone your laptop or your Internet of Things devices researchers have found it affects Android Apple Linux windows open est MediaTek Linksys and a ton more vendors the attacks work on both access points and clients so updating just the access point will not necessarily keep your client devices protected so what do cracks do well if an attacker is within wireless range of their target they can use the technique to steal private information such as passwords emails photos credit card numbers and a lot more in some instances it could also be used to inject data into the network as well how does that happen well all you have to do is log onto a wpa2 protected network which requires your device to do a handshake with the router you can't see this happen with your own two eyes but both the router and the smartphone or your laptop for example agree and pawn and encryption key that only works between those two devices it lets you log into the internet and get on Facebook within a few seconds sometimes unfortunately for some reason the handshake won't complete so the wireless router will restart the message that it sends to your device until it eventually connects if it has to restart the handshake at reasons the same encryption key and that's the big thing here in the case of cracks the handshake is manipulated and replayed to the victim which restarts the session between the two devices the attacker reads the handshake manipulates it then sends it on its way so this is an underlying problem with WPA protocols not any specific vendor and by the way it affects all versions of WPA implementations in similar ways this can be really scary because an attacker could decrypt packets via the TCP sequence part of a connection and if the user is using TK IP or GCM P which are both encryption protocols used in WPA the attacker could decrypt and inject malicious packets on some clients specifically some versions of Android and Linux the attacker could force the client into using a predictable encryption key so basically just assume that if you are depending on wpa2 to encrypt your traffic it could possibly be read by a third party now with that said though they cannot steal and read your WPA password and they cannot inject packets on AES CCMP encryption protocols now since they don't need your WPA password to use this attack that also means that if you change your password you're still going to be vulnerable now luckily once vendors start sending out updates you will be patched and in the clear unfortunately though some devices may take months to receive a patch now this is also scary because Internet of Things devices are prone to never receiving updates if any which means that they are going to be vulnerable for a very long time potentially or vulnerable forever also while you are probably already using something like HTTPS Everywhere on your browser and that's a really good thing you should definitely keep doing that if somebody was targeting your network they could still create phishing sites on HTTP being incredibly mindful of your browsing and using HTTPS on sites is definitely crucial here so what can you do use antivirus obviously even something as simple as Windows Defender will help in case of an attack if the attacker actually targets you and installs something malicious make sure that your firewalls are turned on and if you can switch to a wired connection instead obviously you can't necessarily do that for your smartphone for example now if you have a VPN that you can fully trust a VPN that either you've created or one that you