chain

Administrators
  • Content count

    4,273
  • Joined

  • Last visited

Community Reputation

11 Good

5 Followers

About chain

  • Rank
    Founder Owner Administrator
  • Birthday 01/26/1962

Contact Methods

  • Website URL
    http://chainscriptz.net

Profile Information

  • Gender
    Male
  • Location
    Montreal,Quebec
  • Interests
    scripting and chatting

Recent Profile Visitors

23,679 profile views
  1. Just Arrived back from vacation to hear there's a new chat Server called Evolution ChatThey also have a Radio station called Outlaw Radio. http://www.outlaw-radio.net http://www.evolutionchat.co Owner's of chat Merlin & DarkAngel
  2. Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys.Researchers have uncovered a new side-channel attack that could be exploited by attackers to extract sensitive data from Qualcomm secure keystore, including private keys, and passwords. The attack potentially impacts most of the modern Android devices that use Qualcomm chips,  including popular Snapdragon models 820, 835, 845 and 855 The attack leverages a flaw in the Qualcomm Secure Execution Environment (QSEE), designed to securely store cryptographic keys on devices. “A side-channel attack can extract private keys from certain versions of Qualcomm’s secure keystore. Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware.” reads a blog post published by NCC Group. “On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys. “ According to NCC, the Hardware-backed keystores rely on ARM TrustZone to protect sensitive data, it splits execution on many devices into a secure world (used to manage sensitive data) and a normal world (used by processes of the Android OS). Experts pointed out that the two worlds have the same underlying microarchitectural structures, meaning an attacker could carry out a side-channel attack to access protected memory. The experts used a memory cache analyzer called Cachegrab to carry out  side-channel attacks on TrustZone. The experts tested a rooted Nexus 5X device using the Qualcomm Snapdragon 808 and discovered that the QSEE that leaking data that could be used to recover 256-bit ECDSA keys. The attacker must have root access to the device to launch the attack. Qualcomm has released a security patch to address the flaw tracked as CVE-2018-11976, while Android disclosed a patch for the flaw in its April update. Below the timeline of the flaw: March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receiptApril, 2018: Request update on analysis of issueMay, 2018: Qualcomm confirms the issue and begins working on a fixJuly, 2018: Request update on the fix; Qualcomm responds that the fix is undergoing internal reviewNovember, 2018: Request update on the timeline for disclosure; Qualcomm responds that customers have been notified in October, beginning a six-month carrier recertification process. Agree to April 2019 disclosure date.March, 2019: Discuss publication plans for April 23April, 2019: Share draft of paper with QualcommApril 23, 2019: Public Disclosure“Providing technologies that support robust security and privacy is a priority for Qualcomm,” a Qualcomm spokesperson told Threatpost. “We commend the NCC Group for using responsible disclosure practices surrounding their security research. Qualcomm Technologies issued fixes to OEMs late last year, and we encourage end users to update their devices as patches become available from OEMs.”Technical details of the vulnerability are available in the paper published by the expert. Source: https://securityaffairs.co
  3. Roundup While last week the Microsoft headlines were all about bonzer financial results, storage problems and, er, Microsoft Paint, other things were afoot in Redmond. Insiders unblocked thanks to prunes, fibre and a minty fresh Windows 10 BuildIt has been a while – over two weeks by our reckoning – but the Windows Insider gang has finally given its loyal army of volunteer testers something to chew over in the form of build 18885. The build, which arrived on Friday 26 April, follows hot on the heels of a fix for Insiders still running on 19H1 to allow an update to the Windows 10 of 2020. Something lurking within the May 2019 Update, when patched to build 18362.53, left the 20H1 installer with a serious case of indigestion, and Microsoft to throw up a block to stop the OS trying to slither its way onto some Insiders' desktops. With Friday's update, 19H1 users should now be able to make the leap to 20H1, having first patched to 18362.86. However, they are likely to be a little disappointed because, at this point in the development cycle, there just isn’t much to get too excited about. The company is, after all, still a year or so away from release. That said, the team has gotten around to adding more languages to the built-in dictation support in the operating system. Current versions of Windows 10 struggle to accept that there might be a world of people without English (United States) voices. With 20H1, Brits, Canadians and Australians can now get in on the action. The gang has also added support for Germany, Italy, Spain and France among others. The build also includes a fix for that whole pesky external storage thingas well as a wonderful bug whereby Windows Hello would immediately sign a user back into their PC after the unlucky punter had locked the thing (which resulted in some impressive keyboard gymnastics to stay out of the camera's view during the locking process.) However, Microsoft continued to point the finger of blame for PC crashes at game developers who had failed to update their wares to deal with the long-running anti-cheat code issues. The team cheerfully said "most games have released patches" and urged gamers to ensure they are up to date before attempting an operating system upgrade. My phone, Your Phone, anything but iPhoneWindows Insiders (or some of them, at least) were also gifted a Your Phone update, as Microsoft's Director of Program Management for Mobile 'eXperiences', Vishnu Nath, announced some new toys were inbound. For orphaned Windows Phone users, the idea of a Microsoft Mobile Experience is more reminiscent of an David Attenborough nature documentary: "Look at the pretty thing, oh dear – it's dead now." Microsoft's mobile efforts are now focused on the Android and iOS worlds, and to that end the update brings phone notifications to the PC screen. The user can select which notifications they wish to see and when a notification is dismissed on one device, it is also dismissed on the other. Your Phone, which made its debut last year, already synchronises text messages between devices, as well as allowing access to recent photos on a connected device. Back in March the team added the ability to mirror the phone's screen onto a PC, but only for a vanishingly small cross-section of users. You needed a Samsung Galaxy S8/S8+ or S9/S9+ and a PC with a Bluetooth radio that supported the low-energy peripheral role. Like, er, a Surface Go. While the Bluetooth requirement remains present, the update has extended the number of phones supported, with the OnePlus 6, OnePlus 6T, Samsung Galaxy S10e, S10, S10+, Note 8, Note 9 devices added to the list. Alas, iPhone users still cannot get in on the fun. When Nath says "phone" he means "Android". All the text syncing, notification bothering and screen mirroring won't be happening for users of Apple's devices, as Nath observed when asked: While the gang lays claim to 84 issues closed in this release, the most eye-catching is the new Variable Explorer and Data Viewer. This feature allows Visual Studio Code users to take a look at variables in the application via an explorer which shows up when code is running. Additional variables make an appearance as they get used in the code. While still a bit crude at present (searching values is a bit simplistic), getting at the contents of variables via the new Data Viewer will prove invaluable during debugging, although you'll also need Pandas 0.20 or later to join in the fun. Microsoft has maintained quite the cadence for its Visual Studio Code source wrangler, with an update to the open source editor this month as well as the refreshed Python extension as part of its ongoing efforts to woo developers. Judging by the 2019 Stack Overflow survey, it seems to be succeeding. Azure giveth and Azure taketh awayAs new versions of technologies get flung out at a tremendous pace, old ones must also be gently nudged out to pasture. As Kubernetes 1.13 support became generally available in Azure Kubernetes Service (AKS) last week, Microsoft announced that it was about to put a bullet into the head of version 1.9 support. AKS only supports four minor versions of Kubernetes, so the 30-day notice for 1.9's demise should not come as too much of a shock. While developers can still create new 1.9.x clusters during the deprecation period, it probably isn't a good idea. When 25 May rolls around, 1.9.x will be removed with little ceremony and support yanked. Azure Blob fans, however, will be happy to note the "General Availability" sticker slapped onto the Azure data migration utility AzCopy 10 last week. We took a look at the preview last month and Microsoft has gone on to tweak things to make life easier for users seeking to get data out of an AWS S3 bucket and into the cloudy world of Azure. The latest release of AzCopy, version 10.0.9, has added AWS S3 as a source and will copy data directly without having to shunt the bits and bytes down to a client first. By stripping out that bottleneck, the Azure gang claimed rates of 50Gbps when copying from a S3 bucket to Azure Storage in the same region. You're in the Army nowWhile all eyes were on Microsoft's financials last week, the US Department of Defense announced it would be tipping $7,269,740 into the software giant's coffers as part of a fixed price, single bid Enterprise Services contract. The work will be performed in Fort Gordon, Georgia and is expected to be complete a year from now, on 2 May 2020. Army funds were obligated at the time of the award. 
  4. Apple has smacked back at app developers moaning that their parental control apps were chucked off the App Store. Several app makers went to the New York Times to complain that their applications had been removed without warning from the digital outlet. Amir Moussavian, chief executive of OurPact, told the paper: "They yanked us out of the blue with no warning….They are systematically killing the industry." The latest version of Apple's mobile operating system includes tools to restrict access to applications. Apple insisted that it gave all the app-makers 30 days to alter their applications to bring them into line with App Store rules. Specifically, Apple said the axed apps used Mobile Device Management: "MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history." Apple said it began investigating MDM use by "non-enterprise developers" in early 2017 and changed its rules in the middle of 2017. The company noted what it considers acceptable use of MDM including use by enterprises to track devices and control access to proprietary data. But Apple described use of MDM for consumer-focused applications as "incredibly risky" as well as being a violation of App Store Ts & Cs. Apple warned that beyond the direct control such an app would have over an iPhone, MDM also creates profiles which could be used by hackers to get control of a device. Apple said it gave app makers 30 days to update their software or risk being removed. The company said: "Several developers released updates to bring their apps in line with these policies. Those that didn't were removed from the App Store." Several app makers are making complaints to the European Union's competition watchdog. The full statement is available here. The World Health Organisation released guidelines of child development last week which were widely reported as suggesting restrictions on screen time. Actually, the recommendations were for more physical activity generally along with better quality sleep. For three- to four-year-olds that means at least 180 minutes a day of varied physical activity and between 10 and 13 hours of "good quality" sleep. WHO noted that 23 per cent of adults and a whopping 80 per cent of adolescents are not "sufficiently physically active". 
  5. Happy Easter Everyone

    Chainscriptz would like to wish everyone a very Happy Easter & all the best to you and your Family & loved ones.
  6. A death in the msn chat family

    Fior further information contact Nexus Oblivion AKA Pent or if you were once in that group on MSN you can joing the facebook group Long in the tooth and answer there questions.
  7. A death in the msn chat family

    Reaching out to all former affiliates and associates of myself (Pent), Fang, Pandora, Wolf Pack and msn's religion category in general.  I can be contacted via fb "Nexus Oblivion". We've already gathered 40 + known associates in light of so disheartening news which i will not do the disrespect of delivering in this fashion.  
  8. Mozilla is releasing an ARM version of its Firefox browser today for Windows 10. While Microsoft and Google have been working together on Chromium browsers for Windows on ARM, Mozilla has been developing its own ARM64-native build of Firefox for Snapdragon-powered Windows laptops. We got an early look at this version of Firefox late last year, and it seemed to fare well on an ARM laptop with a dozen tabs open. This new build of Firefox is available today as part of Mozilla’s beta channel for the browser for anyone with an ARM-powered Windows 10 laptop to test. That might not be a lot of people right now, but Mozilla has been working on its Firefox Quantum technology to optimize Firefox for the octa-core CPUs available from Qualcomm. This should mean the performance is relatively solid, while maintaining all of the regular web compatibility you’d expect from Firefox. ARM VERSIONS OF CHROMIUM ON THE WAY SOONChromium ARM64 builds seem relatively close, too. A developer successfully built and ran a version of Chromium on an ARM-powered laptop recently, demonstrating that it should also perform well on these devices. It’s not clear when Google or Microsoft will release ARM versions of their Chromium browsers, though. Microsoft is currently testing its new Chromium-powered Edge browser with developers, ahead of a release across Windows, Mac, and ARM-powered versions of Windows 10. If you’re interested in testing out the new Firefox on an ARM Windows laptop, you can download it from Mozilla’s beta site right here. Source: The Verge
  9. The US Justice Department just officially charged Wikileaks co-founder Julian Assange, shortly after he was removed from the Ecuador embassy in London and arrested by local police. The charge is "conspiracy to commit computer intrusion" for agreeing to break a password to a classified US government computer. The Justice department also said it was in relation to "Assange's alleged role in one of the largest compromises of classified information in the history of the United States." It's the same allegation that was made in the Chelsea Manning trial in 2013, in which the former US Army private was found guilty of theft and espionage in relation to the release of classified government documents. But now that Assange has had his asylum revoked by the Ecuadorian government and has been arrested, he can finally be extradited to the US to face these charges. More specifically, the Justice Department alleges that Assange conspired to assist Manning in cracking a password that allowed access to US Department of Defense computers that contained classified information. The alleged conspiracy was said to be carried out in March of 2010, a time when Manning was already using her access to download documents and transmit them to WikiLeaks. The DoJ alleges that during their communications, Assange actively encouraged Manning to provide more information, even after she said that there was nothing left to send -- the charge of conspiracy to commit computer intrusion relates to Assange's offer to help break a password to get more classified info. If found guilty, Assange would face up to five years in prison, though the Justice Department notes that actual sentences are often less than the maximum penalty. That said, there could be more charges against Assange coming from the US -- these revealed today are just the basis of the US's extradition request. Before Assange can stand trial in the US, however, he needs to be extradited from the UK, a process that could take months or even years. Even if a UK judge agrees to the US government's request, Assange is likely to appeal that decision through the various layers of the UK court system. Shortly after the US charges were revealed, Assange appeared in a London at the Westminster Magistrates Court. A District Judge quickly found Assange guilty of failing to surrender to police on June 29th, 2012. He was out on bail in August of 2012 when he went into the Ecuadorian embassy in London; he then claimed asylum and lived there until today. His next appearance in UK court is now set for May 2nd (via video link), at which time the US extradition request will be discussed. Source:engadget
  10. Today in “Facebook  apps are too big to manage,” a glitch caused some users’ Instagram  Stories trays to show Stories from people they don’t follow. TechCrunch first received word of the problem from Twitter user InternetRyanwho was confused about seeing strangers in his Stories Tray and tagged me in to investigate. The screenshots below show people in his Stories tray whom he doesn’t follow, as proven by the active Follow buttons on their profiles. TechCrunch inquired about the issue, and the next day Instagram confirmed that a bug was responsible and it had been fixed. Instagram is still looking into the cause of the bug but says it was solved within hours of being brought to its attention. Luckily, if users clicked on the profile pic of someone they didn’t follow in Stories, Instagram’s privacy controls kicked it and wouldn’t display the content. Facebook Stories wasn’t impacted. But the whole situation shakes faith in the Facebook corporation’s ability to properly route and safeguard our data, including that of the 500 million people using Instagram Stories each day. An Instagram spokesperson provided this statement: “We’re aware of an issue that caused a small number of people’s Instagram Stories trays to show accounts they don’t follow. If your account is private, your Stories were not seen by people who don’t follow you. This was caused by a bug that we have resolved.” The problem comes after a rough year for Facebook’s privacy and security teams. Outside of all its scrambling to fight false news and election interference, Facebook and Instagram have experienced an onslaught of technical troubles. A Facebook bug changed the status update composer privacy setting of 14 million users, while another exposed up to 6.8 million users’ unposted photos. Instagram bugs have screwed up follower accounts, and made the feed scroll horizontally. And Facebook was struck by its largest outage ever last month, after its largest data breach ever late last year exposed tons of info on 50 million users. Facebook and Instagram’s unprecedented scale make them extremely capital efficient and profitable. But that size also leaves tons of surfaces susceptible to problems that can instantly impact huge swaths of the population. Once Facebook has a handle on misinformation, its technical systems could use an audit. Source: TC
  11. Shortly before ten o’clock on the morning of May 10 last year, Jim Balsillie, cofounder of Research in Motion (rim), the Waterloo, Ontario, company that created BlackBerry phones, took a seat in a conference room across from Parliament Hill. Next to him sat Colin McKay, an executive from Google, the company whose Android operating system was responsible, in part, for BlackBerry’s fall from grace. rim (now BlackBerry) was an industry powerhouse a decade ago, but the success of Android and Apple phones cut its share of the global smartphone market to nearly zero by 2016. Despite this history, it was Balsillie, sporting a neon green tie, who exuded confidence. The men had been called to testify before the House of Commons ethics committee about the Cambridge Analytica scandal, triggered less than two months prior by Canadian whistle-blower Christopher Wylie when he revealed that a British firm had pilfered the personal information of up to 87 million people on Facebook, which was later used by Donald Trump’s 2016 presidential-election campaign. But the hearing quickly devolved into an interrogation of the data-collection practices of a tech industry that, for years, has been hell bent on fending off calls for oversight. McKay, visibly uncomfortable, an uncooperative strand of his combed-back hair dangling above his glasses, was there in part to convince the MPs that Google was not guilty of the negligent privacy practices that Facebook had been accused of. Balsillie, who had cut ties with rim in 2012, joined in the takedown of his former industry, his zeal scarcely concealed. The data-driven economy, Balsillie warned, was developing faster than the ability of policy makers to reckon with its consequences. “We are cascading toward a surveillance state,” he said, conjuring a world divided into the watchers and the watched, a world where Big Tech piles up astronomical profits by distilling our everyday experiences into data to monetize—in some instances, doing so “without a moral conscience.” He mentioned how, in Australia, Facebook had been caught designing algorithms to identify stressed, overwhelmed, and anxious teenagers on its network, presumably to assist advertisers who might want to target them. Google has faced its own parade of scandals, which include the accusation that it illegally collects children’s personal information through YouTube, a subsidiary with algorithms that can push viewers toward increasingly polarizing and vile content—from neo-Nazis to Trump-bashing conspiracy theorists. Why? Because that’s likely to keep us most engaged, thus maximizing Google’s ad revenue. https://thewalrus.ca/are-you-afraid-of-google-blackberry-cofounder-jim-balsillie-says-you-should-be/
  12. Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal.Experts at Bad Packets uncovered a DNS hijacking campaign that has been ongoing for the past three months, attackers are targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials. Bad Packets experts have identified four rogue DNS servers being used by attackers to hijack user traffic. “Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers.” reads the report published by Bad Packets. “All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). In this campaign, we’ve identified four distinct rogue DNS servers being used to redirect web traffic for malicious purposes.” Experts pointed out that all exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). The first wave of DNS hijacking attacks targeted D-Link DSL modems, including D-Link DSL-2640B, DSL-2740R, DSL-2780B, and DSL-526B. The DNS server used in this attack was hosted by OVH Canada (66[.]70.173.48). The second wave of attacks targeted the same D-Link modems, but attackers used a different rogue DNS server (144[.]217.191.145) hosted by OVH Canada. The fourth DNS hijacking attacks originated from three distinct Google Cloud Platform hosts and involved two rogue DNS servers hosted in Russia by Inoventica Services (195[.]128.126.165 and 195[.]128.124.131). In all the DNS hijacking attacks the operators performed an initial recon scan using Masscan. Attackers check for active hosts on port 81/TCP before launching the DNS hijacking exploits. The campaigns aim at users Gmail, PayPal, Netflix, Uber, attackers also hit several Brazilian banks. , says.  Experts found over 16,500 vulnerable routers potentially exposed to this DNS hijacking campaign. “Establishing a definitive total of vulnerable devices would require us to employ the same tactics used by the threat actors in this campaign. Obviously this won’t be done, however we can catalog how many are exposing at least one service to the public internet via data provided by BinaryEdge” continues Bad Packets. Experts explained that attackers abused Google’s Cloud platform for these attacks because it is easy for everyone with a Google account to access a “Google Cloud Shell.” This service offers users the equivalent of a Linux VPS with root privileges directly in a web browser. Further technical details, including IoCs, are reported in the analysis published by Bad Packets: https://badpackets.net/ongoing-dns-hijacking-campaign-targeting-consumer-routers/
  13. Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.One of the main advantages of WPA3 is that it’s near impossible to crack the password of a network because it implements the Dragonfly handshake, Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal that could be exploited by an attacker within range of a victim to recover WiFi passwords by abusing timing or cache-based side-channel leaks. One of the main advantages of WPA3 is that it’s near impossible to crack the password of a network because it implements the Dragonfly handshake, Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal that could be exploited by an attacker within range of a victim to recover WiFi passwords by abusing timing or cache-based side-channel leaks. An attacker can steal sensitive transmitted information, including credit card numbers, passwords, emails, and chat messages. “Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on.” reads a dedicated website published by the experts that describe the DragonBlood research. The experts provided technical details about two design flaws in  WPA3 that could be exploited to carry out downgrade and side-channel leaks. Devices that support WPA3 must guarantee backward compatibility with WPA2 and this is done supporting a “transitional mode of operation” that could accept connections using both WPA3-SAE (Simultaneous Authentication of Equals (SAE) handshake aka Dragonfly) and WPA2. The security duo demonstrated that the transitional mode is vulnerable to downgrade attacks. An attacker could abuse it to set up a rogue AP that only supports WPA2, forcing the WPA3-certified devices to connect using insecure WPA2’s 4-way handshake. “We present a dictionary attack against WPA3 when it is operating in transition mode. This is accomplished by trying to downgrade clients to WPA2. Although WPA2’s 4-way handshake detects the downgrade and aborts, the frames sent during the partial 4-way handshake provide enough information for a dictionary attack.” reads the DragonBlood research paper. “We also present a downgrade attack against SAE, and discuss implementationspecific downgrade attacks when a client improperly autoconnects to a previously used WPA3-only network.” The attackers need to know the SSID of the WPA3- SAE network to carry out the attack, experts pointed out that a man-in-the-middle position is not needed. Anyway, the attacker must be close to a client to broadcast a WPA2-only network with the given SSID and force the target to connect to our rogue AP using WPA2.  The experts detailed two side-channel attacks against Dragonfly’s password encoding method (Cache-based (CVE-2019-9494) and Timing-based (CVE-2019-9494) attacks) that could be exploited by attackers to perform a password partitioning attack and obtain Wi-Fi password. “The cache-based attack exploits Dragonflys’s hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm. The information that is leaked in these attacks can be used to perform a password partitioning attack, which is similar to a dictionary attack. The resulting attacks are efficient and low cost.” wrote the experts. “our cache-based attack exploits SAE’s hash-to-curve algorithm. The resulting attacks are efficient and low cost: bruteforcing all 8-character lowercase password requires less than 125$ in Amazon EC2 instances” continues the paper. To carry out the password partitioning attack, the experts need to record several handshakes with different MAC addresses. It is possible to record them by targeting multiple devicess in the same network (e.g. tricking multiple users to download the same malicious application). If the attackers are only able to hit one client, then it is necessary to set up rogue APs with the same SSID but a spoofed MAC address. Experts also demonstrated how to abuse side-channel defenses of SAE (against already-known leaks) to introduce overhead and cause a denial-of-service (DoS) condition. They were also able to bypass SAE’s anti-clogging mechanism that is supposed to prevent DoS attack “An adversary can overload an AP by initiating a large amount of handshakes with a WPA3-enabled Access Point (AP). Although WPA3 contains a defense to prevent such denial-of-service attacks, it can be trivially bypassed.” continues the experts. “By repeatedly initiating handshakes from spoofed MAC addresses, the AP performs many costly password derivation operations (i.e. it performs many executions of the “Hunting and Pecking” algorithm). Depending on the AP under attack, this may consume all resources of the AP.” The experts plan to release the following four separate proof-of-concept tools to test the vulnerabilities they described. Dragondrain—a tool that can test to which extend an Access Point is vulnerable to Dos attacks against WPA3’s Dragonfly handshake.Dragontime—an experimental tool to perform timing attacks against the Dragonfly handshake.Dragonforce—an experimental tool that takes the information to recover from the timing attacks and performs a password partitioning attack.Dragonslayer—a tool that implements attacks against EAP-pwd.The researchers reported their findings to the WiFi Alliance and are working with vendors to address the flaw in existing WPA3-certified devices. Below the press release published by the WiFi Alliance:
  14. Justice League (Spcn ircwx)2019 View File DC comics / films for Justice League Superheroes. Socketless , and quick off the mark. Has vids, movies, slide-show , mp3 player etc. etc.. Hope you will like it......cheers , paige.. Submitter chain Submitted 04/11/2019 Category Sparkpea Scripts (ircwx)  
  15. The first home delivery drone service has been launched in Australia, after years of test flights. Wing, owned by Google's parent company Alphabet, will deliver takeaway food, coffee and medicines by drone to about 100 homes in Canberra. It has been testing its drones in Australia since 2014 but many residents had complained about the noise. Wing said the feedback obtained during its trials had been "valuable" and it hoped to "continue the dialogue". Australia's aviation authority gave Wing permission to launch a commercial service after examining its safety record and operational plans. It judged that the company posed no risk to residents or other aircraft. Image copyrightWINGImage captionWing deliveries are lowered on stringWing's drones deliver small packages which are lowered into the customer's garden on a length of string. However, the approval has several conditions attached. The drones will only be allowed to fly during the day and not before 08:00 AEST at the weekend. They will not be allowed to fly over crowds or main roads. Skip Youtube post by Mack and Marty MonkeyWarning: Third party content may contain advertsReportEnd of Youtube post by Mack and Marty Monkey Trials of the drones had attracted complaints from residents in Bonython, Canberra, who said they were noisy and intrusive. The Bonython Against Drones campaign said the devices could be heard from "a long way off, both coming and leaving". "When they do a delivery drop they hover over the site and it sounds like an extremely loud, squealing vacuum cleaner," the group said on its website. In response, Wing said it had developed a quieter drone. The aviation authority says Wing must use this quieter drone for its commercial service.