Hundreds of millions of wireless devices may be affected by a flaw in WPA-2, a widely used standard for securing wireless Internet connections. (Updated to add commentary by Bob Rudis of Rapid 7.)
CERT
Updated: Intel Fixes ‘Nightmarish’ Firmware Flaw But Nobody’s Safe
In-brief: Intel issued a patch for a serious vulnerability in firmware that has shipped with its chipsets for almost nine years, but it could take months for patches to reach affected customers from OEMs. (Editor’s note: updated with analysis from Matthew Garrett. PFR May 2, 2017.)
Estonia 10 Years Later: Lessons learned from the World’s First Internet War
In-brief: Gadi Evron recalls the denial of service attacks aimed at the government of Estonia in 2007 – one of the first recognized acts of ‘cyber war’ and a template for incidents that followed. Evron says there were many lessons in that incident – some of which the U.S. and its allies are still struggling to learn.
Netgear: 11 Home Router Models affected by Flaw, 3 patched
In-brief: A week after security experts at Carnegie Mellon’s CERT advised consumers about a serious security hole in home routers from the networking equipment maker NETGEAR, that firm has expanded the list of affected router models to 11, while offering official software patches for three of those models. Thousands of affected devices can be found online.
Update: Vulnerability Prompts Warning: Stop Using Netgear WiFi Routers
In-brief: A serious security hole in the software that runs certain models of wifi routers made by the firm Netgear prompted warnings to customers to stop using them until a fix can be found. (Editor’s Note: updated with comment from Netgear. PFR 12/12/2016)
