Month: April 2019

Enlarge / Artist's impression of wireless hackers in your computer. (credit: TimeStopper/Getty Images)

The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices.

While a big improvement over the earlier and notoriously weak Wired Equivalent Privacy and the WPA protocols, the current WPA2 version (in use since the mid 2000s) has suffered a crippling design flaw that has been known for more than a decade: the four-way handshake—a cryptographic process WPA2 uses to validate computers, phones, and tablets to an access point and vice versa—contains a hash of the network password. Anyone within range of a device connecting to the network can record this handshake. Short passwords or those that aren’t random are then trivial to crack in a matter of seconds.

One of WPA3’s most promoted changes was its use of “Dragonfly,” a completely overhauled handshake that its architects once said was resistant to the types of password guessing attacks that threatened WPA2 users. Known in Wi-Fi parlance as the Simultaneous Authentication of Equals handshake, or just SAE for short, Dragonfly augments the four-way handshake with a Pairwise Master Key that has much more entropy than network passwords. SAE also provides a feature known as forward secrecy that protects past sessions against future password compromises.

• 

  The range-topping Porsche Panamera Turbo S E-Hybrid Sport Turismo.

If everything had gone to plan, you'd have read our review of Porsche's mighty Panamera Turbo S E-Hybrid Sport Turismo last summer. Maybe one of the longest names of any car on sale today, it has the specs and a price tag to match. How does 680 horsepower (507kW), 626lb-ft (848Nm) and a starting price of $190,200 sound?

But things didn't go exactly according to plan. Somehow, other drivers kept driving into the back of the range-topping hybrid on Porsche's East Coast press fleet, necessitating some continued rescheduling that meant we didn't actually get any seat time in it until the last clutches of winter, hence, the snow in the pictures.

However, it wasn't all calamity. To ameliorate one cancellation, the people at Porsche sent us a non-hybrid Panamera Turbo Sport Turismo (MSRP $155,500, 550hp/410kW, 567lb-ft/768Nm) as a stand-in. That provided the opportunity to make some comparisons between the two most powerful Panameras and explore what difference 14.1kWh of lithium-ion batteries and a 134hp (100kW), 295lb-ft (400Nm) electric motor make.

Enlarge (credit: CJ Ostrosky/POGO)

This article was reported in partnership with the Project On Government Oversight. It was written by POGO investigator Andrea Peterson, and it incorporates research from former POGO intern Vanessa Perry.

The outages hit in the summer of 1991. Over several days, phone lines in major metropolises went dead without warning, disrupting emergency services and even air traffic control, often for hours. Phones went down one day in Los Angeles, then on another day in Washington, DC and Baltimore, and then in Pittsburgh. Even after service was restored to an area, there was no guarantee the lines would not fail again—and sometimes they did. The outages left millions of Americans disconnected.

The culprit? A computer glitch. A coding mistake in software used to route calls for a piece of telecom infrastructure known as Signaling System No. 7 (SS7) caused network-crippling overloads. It was an early sign of the fragility of the digital architecture that binds together the nation’s phone systems.