17 October 2017

KUL team cracks WPA2

The crypto team at the Katholieke Universiteit Leuven found a flaw in WIFI encryption, compromising its security. Anyone who can capture the signals during the handshake can decrypt the traffic and in some configurations insert and modify data sent over the protocol.
The crack replays message 3 (of 4) in the handshake of WPA2 that establishes the crypto channel.  The message is used to reinstall the encryption key and reset the nonce and replay counters.
Linux and Anroid implementations suffer most from the attack as another bug sets the new key to all zero's rendering decryption trivial.
The protocol can be patched in a backward compatible way. Look out for updates on all your WIFI devices!

11 October 2017

Oracle handing over java products and standards

Oracle is reducing its Java costs and commitment. The latest platform releases (Java SE 9 and Java EE 8) were surprisingly low key.
With the releases out of the door, Oracle is drastically reducing its teams and handing over control of related products.

Given that the EE spec moves to an organisation whose main product is a Java IDE, Apache seems a second choice for Netbeans.