AMD CES 2021 live blog: is Team Red going to take over CES?
AMD is at CES 2021, following one of the biggest years ever for the company. What will it have to offer this time around?
Read MoreResearchers at École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have discovered a new vulnerability in certain implementations of Bluetooth 4.0 through 5.0 which could allow an attacker to gain access to authenticated services by overwriting or lowering the strength of the pairing key.
The two teams of academic researchers came to the discovery independently and decided to call the new vulnerability, which affects “dual-mode” Bluetooth devices, BLURtooth and it is tracked as CVE-2020-15802.
Blurtooth can be exploited on devices that support Bluetooth Classic and Bluetooth Low Energy and use Cross-Transport Key Derivation (CTKD) for pairing with one another. When CTKD is used for pairing dual-mode Bluetooth devices, the procedure happens only once using either of these two data transport methods.
During the pairing process, Long Term Keys / Link Keys (LTK/LK) are generated but they can be overwritten in cases where the transport enforces a higher level of security. BLUR attacks, which leverage the BLURtooth vulnerability, take advantage of this. The Carnegie Mellon CERT Coordination Center provided more details on how BLUR attacks can gain access to authenticated services in a security advisory, saying:
“Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack. For example, it may be possible to pair with certain devices using JustWorks pairing over BR/EDR or LE and overwriting an existing LTK or LK on the other transport. When this results in the reduction of encryption key strength or the overwrite of an authenticated key with an unauthenticated key, an attacker could gain additional access to profiles or services that are not otherwise restricted.”
In a separate advisory, the Bluetooth Special Interest Group (SIG), which oversees the development of Bluetooth standards, warned that BLURtooth could also be used to launch man-in-the-middle attacks, saying:
“If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”
To carry out a man-in-the-middle attack, an attacker would need to be in close proximity to a vulnerable target device, after which they could spoof the identity of a paired device to overwrite the original key and access authenticated services.
To protect their devices from potential BLUR attacks, Bluetooth SIG recommends that vendors introduce restrictions on the Cross-Transport Key Derivation which are required in Bluetooth Core Specification versions 5.1 and later. Carnegie Mellon's advisory has a complete list of affected vendors which will be updated once the full extent of the BLURtooth vulnerability is known.
Via BleepingComputer
AMD is at CES 2021, following one of the biggest years ever for the company. What will it have to offer this time around?
Read MoreWordPress.com has introduced major price changes without warning, replacing all of its paid plans with a single ‘Pro’ plan. The Automattic-owned website builder has also reduced the storage on its free plan significantly, from 3GB to 500MB. In a WordPress forum thread, some users of the platform expressed their frustration with the new Pro plan, which costs $180 a year with no option to spread costs out monthly, a facility previously available with the old plans. In response to complaints made on the WordPress forum, a spokesperson for the company said the goal with these pricing changes is to make the benefits of WordPress.com available to more people, describing the old plans as “overcomplicated” and “confusing”. “This presently does not affect free sites prior to the new plan updates. We’ve slashed the price of our older Business plan from $25/mo to just $15/mo (paid annually),” they added. However, despite the fact that WordPress says the changes to storage space would only affect new websites created on or after March 31, some WordPress users complained that their old sites have had the media storage space slashed to 500 MB. The previous Business plan referenced by the spokesperson used to come with up to 200GB of storage, while the new Pro plan caps storage space at 50GB. After a weekend of users complaining of the changes, WordPress set up a thread to collect feedback and provide clarity on new pricing changes. In the FAQ section, it acknowledged that the gap between a free plan and a $15 a month plan was large, and the company is therefore working on more “flexible à la carte options”. TechRadar Pro reached out to WordPress.com for a comment on the changes and the rationale behind removing the option to pay monthly for services, but the company has not yet returned a response. Via WPTavern Website builder price change
Fortnite has just entered Chapter 3 Season 1 and as it's December so we're also headed into Winterfest 2021 -that means we'll be seeing not only a new map and mechanics but plenty of new Fortnite skins for us to wear into battle. Chapter 3 will finally give us the chance to play as The Foundation - a mysterious member of the group called The Seven voiced by Dwayne 'The Rock' Johnson - and we can also swing into action as Spider-Man. We can also get into the festive spirit with brand new Winterfest skins like the Polar Peely - as well as returning classics from previous Winterfests. As there are a bunch of new cosmetics to explore we’ve rounded up every Fortnite skin we expect to land in the battle royale in December 2021, with not only skins confirmed by Epic Games but leaks and rumors for upcoming collaborations. We'll tell you how to unlock them all so you can look fashionable while racking up the eliminations. Hawkeye and his partner Kate Bishop - the stars of the recent Hawkeye show on Disney Plus - have shot into Fortnite Battle Royale with their own skins being added to the game. You can grab them from the Item Shop for 1,500 V-Bucks each, or in a bundle for both with some added cosmetics – including an awesome new glider – for 2,400 V-Bucks. The Chapter 3 Season 1 Battle Pass is here and includes some pretty rad skins. We've got a cyberpunk-inspired samurai with Ronin, a buff llama called Lt. John Llama, and the Island-raised battler Haven to name just a few you'll see in the trailer above. Players who make it through the Battle Pass can also unlock Spider-Man - the iconic web-slinger from Marvel's comics. For this season players are also able to find his web-shooters as an in-game item so they can swing around the battlefield. You can unlock the Battle pass by paying 950 V-Bucks or by signing up to Fortnite Crew for $11.99 / £9.99 / AU$15.99/ per month. The Foundation, a character that first appeared in the epic Fortnite Season 5 event, is finally becoming a Fortnite skin. He's the (not-so) Secret Skin of Chapter 3 Season 1 - and players who own the Battle Pass will be able to unlock them when the challenges go live in just a few weeks. With the Foundation's mask-off variant players will be able to run around as Dwayne Johson himself - so if you're a fan of the Rock we'd recommend snatching up the Battle Pass while you can. This month's Fortnite Crew pack features the Cube Assassin - a villain we all fought several times during Chapter 2 Season 8. She's made a return to the Island and with our help, she can finally get her revenge. Fortnite Crew costs $11.99 (£9.99 / AU$15.99) per month and alongside the exclusive skin it will net you 1,000 V-Bucks as well as the Battle Pass if you don't currently own it. Green Goblin was discovered in Fortnite's game files by leakers suggesting he'll get a Fortnite skin soon. Given that Spider-Man (his arch-enemy) has recently joined the battle royale and given that Hawkeye and Kate Bishop were both added (and look just like they do in the image above) we're fairly confident this leak could be legit – but as always we'll have to wait for official info to know for sure. Twitter user, and leaker @ShiinaBR has suggested that Peacemaker could follow on from Bloodsport as yet another The Suicide Squad tie-in. The same person who leaked Bloodsport suggested John Cena's character could appear too, meaning we might see the character show up soon. We don't have anything more concrete to go off, like in-game files, so take this with a pinch of salt but we could see Peacemaker arrive soon now that his new show has dropped on HBO Max. @GenosPapa Dual reveal of Samus in Fortnite, and Jonesy in Smash at E3? LET'S GOOOOO! pic.twitter.com/gAxb84xFZ7May 19, 2021 In Fortnite Chapter 2 Season 5 many fans were calling for Nintendo to be represented by an in-game skin after both Xbox and PlayStation got their mascots in the Battle Royale. The obvious choice was bounty hunter Samus from the Metroid series – but she never showed up. Leaked documents shared on Twitter from the Epic Games vs Apple court battle indicate that Samus is/was planned to appear in the game (alongside multiple other characters like Naruto and Ariana Grande). The above panel from issue three of the Batman Zero Point series adds to the speculation that the character could still be coming after fans spotted a silhouette that looks a lot like Samus. Take this rumor with an unhealthy amount of salt, but it could mean that Samus might soon arrive as a Fortnite skin. Here are ALL the skins from Epic's Survey, again thanks to @LeakySussed! pic.twitter.com/H8RNZlQjOOMay 14, 2021 Here's a leak to take with an extra pinch of salt: multiple Fortnite leakers on Twitter have shared images from a recent Epic survey showing off several new skin designs. In it the company detailed potential Fortnite skins and included images of ones we might eventually see added to the game. You can see all of the in the tweet above but some of our favorites are Cartoon Bushranger, a Vampire Drift, and Guff dressed as a Christmas tree. We have no clue if any of these skins will ever be added to the game, but be on the lookout in future seasons.
Officially unveiled Fortnite skins
Hawkeye and Kate Bishop
Chapter 3 Season 1 Battle Pass Skins
The Foundation – Leader of the Seven
Cube Assassin - Fortnite Crew December 2021
Rumored Fortnite skins
Green Goblin
Peacemaker
Samus Aran – Nintendo's bounty hunter
Leaked survey skins
Microsoft is designing a new Outlook client for Windows and Mac that will be universal across platforms.
Read MoreWant to hire best people for your project? Look no further you came to the right place!