How to Change Which Desktop Icons Appear on Windows 11

By default, Windows 11 doesn’t display any special icons (such as “This PC” or “Recycle Bin”) on your desktop. If you’d like a classic Windows look, you can enable special desktop icons easily. Here’s how to do it.

  • First, right-click an empty spot on the desktop and select “Personalize” in the menu that appears.

Right-click the desktop and select "Personalize."

The Windows Settings app will open to the “Personalization” page. In the list of Personalization categories, select “Themes.”

In Windows 11 Personalization settings, click "Themes."

In Themes, scroll down and click “Desktop Icon Settings.”

A special window titled “Desktop Icon Settings” will appear. Using the “Desktop Icons” section near the top of the window, place check marks beside the special icons you’d like to appear on the desktop. For example, if you’d like to see the Recycle Bin on your desktop, check “Recycle Bin.” When you’re done, click “OK.”

After clicking “OK,” the window will close. You can close Settings as well. Take a look at your desktop, and you’ll see the special icons that you checked in the “Desktop Icon Settings” window.

Tip: You can make your desktop icons bigger or smaller by holding down the Ctrl key on your keyboard and scrolling your mouse wheel up or down.

If you change your mind and want to hide certain special desktop icons, just revisit Settings > Personalization > Themes > Desktop Icon Settings and uncheck the icons you no longer want to see.

[mai mult...]

How to Get Rid of Teams on Windows 11

If Microsoft Teams is getting on your nerves in Windows 11—popping up when you log in, always running in the background, or launching when you click the “Chat” taskbar icon—here’s how to get rid of it.

Why Does Microsoft Want Me To Use Teams?

Teams is Microsoft’s collaboration and chat app. It supports audio and video calls, text-based chat, group chat, and synchronizing schedules, among other features. Teams is a competitor to services such as Zoom, Google Chat, and Slack, and can be considered a replacement for Skype, another Microsoft Product. Microsoft adds value to its Windows platform by getting people to use its services, which helps it make more money. That’s why it wants you to use Teams.

While Teams can be handy for some people, if you don’t use it, having it always running on your system can be an annoyance. Luckily, it’s possible to avoid or disable Teams, although you can’t remove it completely without potentially damaging your Windows 11 installation, because Microsoft considers it an essential part of Windows. We’ll go over several strategies in the sections ahead—ranging from least-to-most drastic removal measures.

By default, Windows 11 shows a Teams Chat icon in your taskbar (that looks like a purple word bubble with a camera icon inside). If you’d like to hide it, right-click the taskbar and select “Taskbar Settings.” When Settings opens to the Personalization > Taskbar page, expand the “Taskbar Items” section if necessary, then flip the switch beside “Chat” to “Off.”

In Personalization > Taskbar, switch "Chat" to "Off."

The Chat icon will disappear immediately from your taskbar. This doesn’t stop Teams from running in the background, but it does put it one step further out of sight.

If you’ve used Windows 11 for a while, you’ll notice that Teams likes to pop up whenever you log into your Windows user account. Luckily it’s easy to make it stop. First, open Settings by pressing Windows+i. Or you can right-click the Start button and select “Settings.”

In Windows 11, right-click the Start button and select "Settings."

When Settings appears, click “Apps” in the sidebar, then select “Startup.”

In Settings, select "Apps," then click "Startup."

In Startup settings, you’ll see a list of “Startup Apps” that launch whenever you log in. Locate “Microsoft Teams” in the list and flip the switch beside it to “Off.”

Click the switch beside "Microsoft Teams" to turn it "Off."

After that, close Settings. If Teams is still running in the background, quit it by clicking the caret arrow beside the speaker and Wi-Fi icons in the taskbar (also, near the clock). When a tiny bubble menu appears, right-click the Teams icon (purple with a “T” on it) and click “Quit.”

At this point, Teams won’t run again unless you launch it manually, although it’s still on your system. If that’s a problem, move on to the next section.

If you’d like to remove Microsoft Teams from your application list, it’s fairly easy to do. First, open Settings by pressing Windows+i (or right-clicking the Start button and selecting “Settings”). In Settings, click “Apps,” then select “Apps & Features.”

In Windows Settings, select "Apps," then choose "Apps & Features."

Scroll down in the Apps List and locate “Microsoft Teams.” Click the three vertical dots button beside its entry in and select “Uninstall.”

Click the three-dots button beside "Microsoft Teams" in the list and select "Uninstall."

Settings will ask you to confirm with a pop-up. Click “Uninstall” again. After a moment, Microsoft Teams will completely vanish from the list of installed Apps. But surprise! Teams is not completely gone from your system, because it’s an essential part of how the “Chat” taskbar icon works. To keep Teams from coming back, disable the “Chat” icon in the taskbar (see the section above). If you click that icon, Teams will automatically reinstall itself again and undo every step in the sections above.

If you previously uninstalled Microsoft Teams but you need to get it back, it’s actually just a click away. It seems that even if you uninstall Teams, Windows 11 always keeps a backup copy to load again when you click the “Chat” icon in the toolbar.

To re-install teams, all you need to do is enable the taskbar Chat icon (if it isn’t already) and click it. To see the Chat icon, open Settings > Personalization > Taskbar and expand “Taskbar Items.” Click the switch beside “Chat” to turn it “On.”

In Personalization > Taskbar, switch "Chat" to "On."

After that, click the Chat icon (the purple word balloon) in your taskbar.

Teams will automatically reinstall itself—and will also make itself launch at startup again.

[mai mult...]

How to Upgrade Your PC to Windows 11

Windows 11 is now available. If you’ve decided you want to upgrade from Windows 10, here’s how you can get the free upgrade—even if Windows Update doesn’t offer it. This works if Windows 11 doesn’t officially support your PC, too.

The Safe and Slow Way: Windows Update

For the safest possible update process, go to Settings > Update & Security > Windows Update on your Windows 10 PC. (You can press Windows+i to quickly open the Settings app.)

Note: Microsoft is slowly offering this update to more and more PCs over time. If you don’t see the banner offering you the update here yet, you may see it in a few weeks—or a few months. For the best possible update experience on your hardware, Microsoft recommends waiting for Windows Update to offer the update to your PC. When Microsoft is confident your PC is ready, you’ll get the update.

If Windows 11 doesn’t officially support your PC, you will never see the update offered via Windows Update. (But don’t worry, Windows 10 will still be officially supported until October 2025).

Windows Update offering Windows 11 on Windows 10.
Microsoft
The Fast Way: Download Windows 11

Microsoft offers a variety of tools for downloading Windows 11 immediately. These will skip the slow, careful upgrade process and let you skip the line and install Windows 11 right now—even if your PC doesn’t officially support Windows 11.

To get started, visit Microsoft’s Download Windows 11 page. We recommend you download and run the Windows 11 Update Assistant. It will update your current PC to Windows 11 for you. (You can also use the Create Windows 11 Installation Media tool to create installation media on a bootable USB or DVD, or download a Windows 11 ISO for use in a virtual machine).

Warning: By installing Windows 11 immediately, you’re skipping Microsoft’s slow-and-steady rollout process. You may encounter bugs with Windows 11 on your hardware. If that’s a deal-breaker for you, we encourage you to wait a few months before you’re offered the upgrade.

If you encounter a problem, note that you can downgrade back to Windows 10 within the first ten days after upgrading.

Microsoft says these tools will also let you upgrade a Windows 10 PC to Windows 11, even if the PC’s hardware isn’t officially supported by Windows 11. You’ll just have to agree to a warning first. (Whether you actually want to accept the risk of problems is up to you, but we encourage you to keep older PCs on Windows 10 unless you’re enthusiastic about upgrading them for a particular reason).

[mai mult...]

How to Add Multi-Color Text in PowerPoint

While picking fonts the right font for your presentation is important, you can add a fun touch by using multiple colors for the text. Here’s how to add multi-color text to a slide of your PowerPoint presentation on a desktop.

Similar to how you can highlight text on a slide, it’s also possible to apply a multi-color effect to the text and make it appear more attractive. Unfortunately, these customization options are available only in the desktop version of PowerPoint.

Add Multi-Color Text in PowerPoint

First, open PowerPoint and either open a new presentation or the one where you want to add multi-color text. Then, select the slide where you want to add the colorful text.

Select the slide where you want to add the colorful text.

On the slide, select the text you want to customize and click the “Format” tab.

Select the text you want to customize and click the "Format" tab.

From the ribbon, select “Text Fill” from the “WordArt Styles” section.

Select "Text Fill" from the "WordArt Styles" section.

When the drop-down menu opens, select “Gradient” and choose “More Gradient” from the sub-menu.

When the drop-down menu opens, select "Gradient" and choose "More Gradient" from the sub-menu.

That opens a new column titled “Format Shape” on the right-hand side, with the “Text Options” tab open since you want to change the text color. Note that the “Text Fill” section shows “Solid Fill” as the default option.

A column titled "Format Shape" on the right-hand side

Select “Gradient Fill” to reveal the options to customize the gradient style and colors.

Select "Gradient Fill" to reveal the options to customize the gradient style and colors.

Either choose a preset gradient or create a custom size as per your liking.

RELATED: How to Convert Google Slides to PowerPoint

Alternatively, you can customize your gradient. First, select the drop-down next to “Type” and choose between “Linear,” “Radial,” “Rectangular,” or “Path.”

First, select the drop-down next to "Type" and choose between "Linear," "Radial," "Rectangular," or "Path."

Under the “Gradient Stops” option, select the first pencil-like stop button on the slider. Gradient stops are the points at which one color begins to transition to the next.

Under the "Gradient stops" option, select the first pencil-like stop button on the slider.

Note: You can also click on the slider and add more stop buttons on it.

Then, select the icon next to “Color” to open the color picker and choose the color of your liking. If you’ve selected the text on the slide, it will show you the preview of the changes.

Similarly, select the rest of the stoppers and pick appropriate colors for each Gradient stop button.

You can try out the “Transparency” and “Brightness” slider to see how it impacts the color levels of the selected Gradient stop button and the text. You can see a live preview of that only if the prompt has a letter before and after it. Otherwise, you won’t see any change in the text.

Move the "Transparency" and "Brightness" sliders to adjust the appearance

That’s it. Spend some time picking appropriate colors to jazz up the text, and you can check out some tips to make better PowerPoint presentations.

[mai mult...]

How to Use Immersive Reader in Microsoft Word, Outlook, and OneNote

Immersive Reader Three Lines in Word on the Web

To make reading documents, emails, and notes easier, try Immersive Reader in Microsoft Office. With font, grammar, voice, focus, and other settings, you can customize and use Immersive Reader in Word, Outlook, and OneNote.

As one of the Microsoft Learning Tools, Immersive Reader is a wonderful option for those with dyslexia or dysgraphia. But this tool is actually ideal for anyone who wants to improve their reading experience.

Immersive Reader Availability

As mentioned, Immersive Reader is currently available in Microsoft Word, Outlook, and OneNote. As of this writing, however, availability varies depending on your device.

  • Word: Online, Windows desktop, Mac, iPhone, and iPad
  • Outlook: Online and Windows desktop
  • OneNote: Online, Windows desktop (with add-in), OneNote for Windows, Mac, and iPad

Note that some features vary by application and version. Additional applications and features may be added at any time. And as a bonus, you can use Immersive Reader in Microsoft Edge, Office Lens, and Microsoft Teams.

Enable Immersive Reader

To open the tool in Word, Outlook, and OneNote, head to the View tab and click “Immersive Reader.”

On the View tab, click Immersive Reader

To open it in an Outlook email window, select the Message tab, and click “Immersive Reader.”

On the Message tab, click Immersive Reader

This displays the application window in a focused view. You can then customize Immersive Reader for text preferences, grammar options, and reading preferences.

Customize Immersive Reader

The key to using Immersive Reader is the way you customize it to fit your needs. Although Immersive Reader offers the same basic features across applications, the interface for the settings currently varies. So depending on the application and version you’re using, you’ll see one of two interfaces.

To illustrate these two views, we’ll use the Word desktop version on Windows and Word on the web.

Immersive Reader in the Word Desktop Application

In the desktop version of Word on Windows, the Immersive Reader tool has its own ribbon. This places all your settings in one handy spot. Starting on the left side, you have the following customization options on the desktop:

Column Width: Choose from four views for Very Narrow, Narrow, Moderate, and Wide.

Column Width Settings in Immersive Reader

Page Color: Pick a page background color from over a dozen options or select “More Colors” for a custom color.

Page Color Settings in Immersive Reader

Line Focus: Use One Line, Three Lines, Five Lines, or None. This highlights the number of lines you select for your focus while dimming the remaining parts of the page.

Line Focus Settings in Immersive Reader

Text Spacing: This option is simply on or off. Click “Text Spacing” to see more room around the letters and words. Click again to go back to normal view.

Text Spacing in Immersive Reader

Syllables: This setting is also an on or off option. When you click “Syllables,” you’ll see your words broken down by syllable. This offers help with pronunciation as you read each word.

Syllables in Immersive Reader

Read Aloud: If you want to hear the document read out loud to you, click “Read Aloud.” You’ll not only hear the words but see them highlighted at the same time. When the toolbar opens, click the gear icon to open the settings. You can then adjust the reading speed and voice used. Then, use the play, pause, next, or previous buttons as needed.

Read Aloud in Immersive Reader

When you finish using the tool, you can click “Close Immersive Reader” in the ribbon and return to your previous document view.

Click Close Immersive Reader

Immersive Reader in Word on the Web

In the online version of Word, Immersive Reader immediately changes your page into a large, more spacious view. You have similar customizations options, but these appear on the top right as three icons.

Immersive Reader in Word on the Web

Starting on the left side, you have the following customization options on the web:

Text Preferences: You can adjust the size of the text, spacing between letters and words, font style, and theme (background color), all in one place.

Text Preferences in Immersive Reader

Grammar Options: This area gives you simple toggles for syllables and parts of speech. If you enable a toggle for one or more parts of speech, you can select the color. You also have the option to turn on Labels, which places an abbreviation for the part of speech above the word.

Grammar Options in Immersive Reader

Reading Preferences: Like Word on the desktop, you can choose a Line Focus from one, three, or five lines. Here, you can also enable the Picture Dictionary and use the Translate feature with support for dozens of languages.

Reading Preferences in Immersive Reader

Read Aloud: Different than the desktop version, the Read Aloud feature is available on the screen at all times. Click the Play button to hear your document read to you and pause anytime. You’ll also see each word highlighted as you hear it. Click the Voice Settings icon to adjust the speed and voice selection.

Read Aloud in Immersive Reader

As you read your document with Immersive Reader, you can click a word to hear it read out loud or see images if you enable Picture Dictionary (above). Using the arrow on the top right, you can put the page in full-screen mode.

Picture Dictionary in Immersive Reader

When you finish using the tool, click the arrow on the top left. You’ll then return to your previous document view.

[mai mult...]

How to Use Together Mode in Microsoft Teams on Web

Micrsoft Teams logo with a mild shadow.

Using virtual backgrounds in Microsoft Teams does bring some variety to your video conference, but the grid layout remains the same. Change it up with Together Mode, putting everyone on the call into a single virtual scene. Here’s how to use it.

With Together Mode, the videos of the participants in a Microsoft Teams meeting appear in a shared virtual environment-like scene. Unfortunately, at the time of writing in July of 2021, Together Mode only offers one scene for the web version of Microsoft Teams.

Switching from the grid-style layout can help you make the video calls a bit more fun or different. You get a single, uniform environment view instead of a grid consisting of custom backgrounds. Together Mode is usable with Microsoft Teams web version on Microsoft Edge and Google Chrome.

[mai mult...]

How to Update Arch Linux

Arch Linux logo on a pink and white gradient

Has the time come to update your Arch Linux system? Whether you’re on pure Arch or an Arch-based distro like Manjaro and Garuda Linux, we’ll show you how to safely update your system with one or two simple commands. Keeping packages up-to-date is important on any Linux distro. Arch operates on a rolling release model, delivering bleeding-edge updates to your virtual door as soon as they’re ready. Because of that, frequent updates (combined with effective backups) are necessary to avoid a broken system and corrupt packages.

Most Arch-based distros use the pacman package manager to download and install updates, a  process technically referred to as “syncing.” You’ll use pacman commands to keep your packages synced and operational.

Note: Your user account needs sudo access to follow these instructions.

Apply a System Update on Arch Linux

To begin an update of all installed packages, open any terminal app and pass the following command:

sudo pacman -Syu

You’ll be prompted for your password before the command can proceed. This command checks for available updates. If there are any, it will list the packages, along with their new version numbers.

Enter "sudo pacman -Syu" in a terminal

You’ll then be prompted to confirm that you want to apply a full upgrade. Type y and hit Enter to confirm, or use n to cancel.

Type y and hit Enter to confirm update

If you have packages that you suspect are corrupt, you can force a database download with your update to take care of those issues. Even if no updates are available, pacman will verify the integrity of your currently installed packages. Add a second y to the string to make that happen.

sudo pacman -Syyu
How to Update a Specific Package in Arch Linux

If you only want to update a specific package, use the same command that you used to install it, replacing package_name with your choice.

sudo pacman -S package_name

Warning: We don’t recommend upgrading specific packages while ignoring other available updates often. Because of Arch’s rolling release process, cherry-picking updates can cause issues.

If you’re not sure what the name of a package is, you can search your installed packages using the -Qs flag.

pacman -Qs string

Be sure to replace string with your search term. This will search both package names and descriptions, so you should find what you’re looking for easily.

[mai mult...]

How to Sign Up for a VPN Anonymously

Silhouettes of two unknown people.

VPNs are advertised as the best—even the only—way in which you can be anonymous while browsing. However, there are two big ways you could lose anonymity: The first is the logs some VPNs keep, and the second is the VPN sign-up process itself.

How VPNs Know Who You Are

Even if you’re using the best VPN out there, with up-to-date protocols, state-of-the-art encryption, and a privacy advocate’s dream of a no-log agreement, the VPN itself knows who you are for two reasons: your email address and your payment information. Most VPNs (We’ll talk about the exceptions later.) require that you submit your email address to create an account. You probably signed up to your email provider with your real name and are using it in correspondence, giving the VPN at least one data point to connect with your account activity.

There’s also a chance that you used your email publicly somewhere, meaning that all anybody would need to do to find out more about you is to plug your email address into a Google search bar and watch the results roll in.

However, the data that can be gathered from your email address is small compared to what can be gleaned from your payment information. Most people default to their credit card or PayPal when buying stuff online, and, well, these companies know a lot about you, and they can share the information with whomever you make a payment to. They can share not just your name and email, but also, your physical address and any secondary addresses that you use. This data can be a treasure trove to the wrong company, and there are plenty of untrustworthy VPN services out there.

Change the Way That You Pay

The best way to avoid a paper trail on your payments is to use either cryptocurrency, cash, or even gift cards. As a general rule, cryptocurrency can’t be traced—not in the same way that credit card transactions can be traced, at least—meaning that you can spend it wherever and whenever and that nobody should be able to find out that it was you waving fat stacks around.

Most VPN services will accept the big names of crypto, like Bitcoin and Ethereum, or services like Bitpay that let you pay with Bitcoin at a set exchange rate. It definitely pays to check your VPN of choice first, as there are no hard and fast rules regarding which services accept what cryptocurrency. Our favorite VPN is ExpressVPN, and it lets you pay with Bitcoin, Etherium, and other cryptocurrencies.

That being said, crypto comes with two drawbacks. One is that its value relative to existing fiat currencies is unstable, meaning that you could be overpaying or underpaying from hour to hour (It pays to stay alert.). The second issue is that most cryptocurrencies aren’t anonymous so much as pseudonymous. If you use a transparent address when making your transactions, you can still be tracked.

A much more stable method and private alternative is cold, hard cash, but that comes with difficulties of its own, most notably how to get it over to your VPN provider. The only good way to get physical banknotes over to your provider is by mail, which some people might be a bit leery about thanks to the age-old advice to never send cash through the mail. However, few actual postal services seem to repeat this advice: USPS, for example, lets you insure cash if you send it registered. Unless you live in an area where mailboxes are regularly broken into, it seems safe enough to send banknotes by mail. We figure that, if it was really that bad of an idea, no VPNs would offer it as an option at all.

Still, though, only three VPN services that we know of accept cash, namely, Mullvad, IVPN, and ProtonVPN. Mullvad and IVPN only need you to send the activation token (more on that later) and the appropriate amount in any number of currencies (euros are the default), and you’ll be signed up once the payment arrives. ProtonVPN requires you to work out your cash payment details beforehand over email.

If you really want to avoid sending cash through the mail and don’t like any of the other options we mentioned, you could go old-school and use a USPS money order to pay for a service called Ghost Path. As far as we can tell, this is the only service that offers this option. Obviously, it only applies if you live in the U.S. Although we found some mention of using gift cards, paid for with cash, to sign up to several VPNs, only Private Internet Access seems to accept them. It seems that no other providers accept gift cards from any issuer anymore.

Use Disposable Email Accounts

Using an anonymous form of payment is the first and most important step to staying hidden when signing up for a VPN. The other is to hide your email address. After all, if you use crypto but also use your regular email address, then you’re not anonymous. You can fix this by using a fake account by creating a throwaway account with Gmail or Yahoo Mail without using your real name when doing so.

If you don’t fancy doing this, you can also use a service designed for throwaway email, like 10 Minute Mail or Guerilla Mail. These kinds of disposable email accounts are enough for VPN services, although you’ll need to make sure that your account info is safe (A password manager like Bitwarden or KeePass is a good option.), as you won’t be able to use the service if you ever lose your account credentials or the like.

VPNs That Don’t Need Email

If you don’t want to bother with email at all, there are a few VPN services that don’t require an email address to sign up. Examples include the aforementioned Mullvad and IVPN as well as Windscribe and cryptostorm, although that last one isn’t recommended for newbies, as it’s not exactly user-friendly.

In all cases, your account with the VPN service doesn’t use an email address, but a randomly generated code instead. Signing up to them and using either cash or crypto should mean that there’s no trace of you whatsoever, meaning that you can use your VPN in perfect anonymity—as long as you use Incognito Mode and take other measures.

[mai mult...]

How to Forget a Wi-Fi Network on Android

You’ve probably connected to many different Wi-Fi networks over time. So, how can you get your Android device to stop connecting to a specific network? You need to make your device “forget” it. When you connect to a Wi-Fi network with your Android phone, it’s saved for later. That’s what allows your device to automatically connect to the network when you’re in range. If you don’t want that to happen and you don’t plan on using the network again, you can simply “forget” it.

The process for forgetting a Wi-Fi network varies slightly depending on your specific Android device. We’ll show you how it works on a Google Pixel and a Samsung Galaxy phone.

Forget a Wi-Fi Network on a Google Pixel

First, swipe down from the top of your device’s screen twice to expand the Quick Settings panel. Tap the gear icon to open the Settings menu.

Select “Network & Internet” from the Settings.

Select "Network & Internet" from the Settings.

Tap “Wi-Fi” at the top.

Tap "Wi-Fi" at the top.

Select “Saved Networks.”

Now select "Saved Networks."

You’ll see all the networks that you’ve connected to with your device. Select the one that you want to forget.

Select the network to forget.

Tap the “Forget” button.

The network will be removed from your list and you won’t auto-connect to it anymore.

Forget a Wi-Fi Network on a Samsung Galaxy

Forgetting a network on a Samsung Galaxy works a little differently. Swipe down once from the top of your Samsung Galaxy device’s screen, and then tap the gear icon.

Select “Connections” at the top of the Settings.

Select "Connections" at the top of the Settings.

Tap “Wi-Fi” at the top.

Tap "Wi-Fi" at the top.

Tap the three-dot menu icon in the top-right corner and select “Advanced.”

Now, select “Manage Networks.”

Now select "Manage Networks."

You’ll see all the networks that you’ve connected to with your device. Select the one that you want to forget.

Select the network to forget.

Tap the “Forget” button.

Simply tap the "Forget" button.

That’s it! You probably don’t need to forget Wi-Fi networks that often, but it’s nice to know how to do it.

[mai mult...]

How to Protect Your Wi-Fi From FragAttacks

FragAttacks are a group of security vulnerabilities that can be used to attack Wi-Fi devices. Every Wi-Fi device ever created appears vulnerable, making it possible for attackers to steal sensitive data or attack devices on your network.

What Are FragAttacks?

Disclosed on May 12, 2021, FragAttacks stands for “fragmentation and aggregation attacks.” These are a collection of security vulnerabilities announced together. Three of them are design flaws with Wi-Fi itself and affect most devices that use Wi-Fi. Additionally, the researchers found programming mistakes in many Wi-Fi products. These are even easier for attackers to abuse than the design flaws in Wi-Fi itself.

The collection of vulnerabilities called FragAttacks were discovered by Mathy Vanhoef, the same security researcher who previously discovered KRACK, an attack on the WPA2 encryption protocol used to secure Wi-Fi networks.

Which Devices Are Vulnerable to FragAttacks?

According to the researchers, every Wi-Fi device ever created appears vulnerable to at least one of the FragAttacks vulnerabilities. In other words, every Wi-Fi device going back to Wi-Fi’s first release in 1997 is likely vulnerable.

That’s the bad news. The good news is that this vulnerability was discovered nine months before it was revealed to the public. In that time, many companies have already released security patches that protect their devices from FragAttacks. For example, Microsoft updated Windows with protection against FragAttacks in the update released on March 9, 2021.

What Can an Attacker Do With FragAttacks?

An attacker can do one of two things with FragAttacks. First, in the right situation, FragAttacks can be used to steal data from a Wi-Fi network that should be encrypted and protected against such an attack. (Websites and applications that use HTTPS or another type of secure encryption are protected against such an attack. But, if you’re sending unencrypted data over an encrypted Wi-Fi connection, a FragAttack could be used to bypass the Wi-Fi encryption.)

This highlights the importance of securing data being sent over a network with encryption—even if that data is just being sent between two devices on your local network. It’s also another example of why using HTTPS everywhere is so important for the future of the web. Browsers are slowly shifting away from HTTP and to HTTPS for good reason.

Second, the researchers say that the main concern is that FragAttacks could be used to launch attacks against vulnerable devices on a Wi-Fi network. Unfortunately, many smart home and IoT devices—especially those created by strange fly-by-night brands that don’t provide long-term support for their devices—do not regularly receive updates. A cheap, inexpensive smart plug or smart light bulb from an unknown brand may be easy to attack. In theory, this “shouldn’t matter” because that device is on a trusted home network—but FragAttacks offer a way to bypass the Wi-Fi network’s protection and attack a device directly, just as if the attacker were connected to the same Wi-Fi network as the device.

It’s more confirmation of the importance of security updates: The devices you choose to use should be from reputable manufacturers that provide security updates and long-term support for their hardware. This even applies to cheap Wi-Fi-enabled smart plugs. Secure your smart home.

What’s the Actual Risk?

First of all, as an attack against Wi-Fi, an attacker would have to be in the radio range of your network—in other words, in your physical vicinity—to execute an attack that used FragAttacks. In other words, if you’re in an apartment or a dense urban area, there are more people nearby and you’re at a somewhat higher risk. If you live somewhere without other people around, you’re very unlikely to be attacked.

Corporate networks and those of other institutions that might be high-value targets are clearly more at risk than an average home network, too. As of the disclosure of these flaws in May 2021, the researchers said there was no evidence any of these flaws are being exploited in the wild. So far, they appear to just be theoretical problems—but the public disclosure increases the risk that people will use them to attack networks in the real world.

So FragAttacks are a problem, but remember, this isn’t a “wormable” attack that can spread like wildfire over the internet—an attacker would have to be near you and target your network to attack your smart home devices or try to capture sensitive data. It’s very important that this flaw is disclosed and that device manufacturers issue software patches for existing devices and ensure future devices are protected, of course. And there are some things you can do to protect yourself.

How Do You Protect Yourself?

Thankfully, standard best practices for keeping your devices and network safe will also help protect you against FragAttacks. Here are the top three tips:

First, ensure the devices you’re using are getting security updates. If you’re still using a Windows 7 PC or an old version of macOS that isn’t getting updates, it’s time to upgrade. If your router is getting long in the tooth and your manufacturer never plans on updating it again, it’s time for a new router. If you have smart plugs or other old devices that aren’t getting firmware updates and likely have security flaws, you should replace them with something new.

Second, install those security updates. Modern devices will generally automatically install updates for you. However, on some devices—like routers—you have still have to click an option or tap a button to agree to install that update.

Third, use secure encryption. When signing in online, make sure you’re on an HTTPS site. Try to use HTTPS whenever possible—a browser extension like HTTPS Everywhere can help, but it’s much less necessary now that most websites you visit likely automatically use HTTPS if it’s available. Firefox can even be configured to warn you before loading websites that aren’t encrypted with HTTPS. Also, try using secure encryption everywhere: Even if you’re just transferring files between devices on your local network, use an application that offers encryption to secure that transfer. This will protect you from FragAttacks and other potential future flaws that could bypass your Wi-Fi encryption to spy on you.

Of course, a VPN can route all your traffic through an encrypted connection, so it gives you extra protection against FragAttacks if you have to access an HTTP website (or another unencrypted service) and you’re concerned about the network you’re currently using.

[mai mult...]