How to Add Multi-Color Text in PowerPoint

While picking fonts the right font for your presentation is important, you can add a fun touch by using multiple colors for the text. Here’s how to add multi-color text to a slide of your PowerPoint presentation on a desktop.

Similar to how you can highlight text on a slide, it’s also possible to apply a multi-color effect to the text and make it appear more attractive. Unfortunately, these customization options are available only in the desktop version of PowerPoint.

Add Multi-Color Text in PowerPoint

First, open PowerPoint and either open a new presentation or the one where you want to add multi-color text. Then, select the slide where you want to add the colorful text.

Select the slide where you want to add the colorful text.

On the slide, select the text you want to customize and click the “Format” tab.

Select the text you want to customize and click the "Format" tab.

From the ribbon, select “Text Fill” from the “WordArt Styles” section.

Select "Text Fill" from the "WordArt Styles" section.

When the drop-down menu opens, select “Gradient” and choose “More Gradient” from the sub-menu.

When the drop-down menu opens, select "Gradient" and choose "More Gradient" from the sub-menu.

That opens a new column titled “Format Shape” on the right-hand side, with the “Text Options” tab open since you want to change the text color. Note that the “Text Fill” section shows “Solid Fill” as the default option.

A column titled "Format Shape" on the right-hand side

Select “Gradient Fill” to reveal the options to customize the gradient style and colors.

Select "Gradient Fill" to reveal the options to customize the gradient style and colors.

Either choose a preset gradient or create a custom size as per your liking.

RELATED: How to Convert Google Slides to PowerPoint

Alternatively, you can customize your gradient. First, select the drop-down next to “Type” and choose between “Linear,” “Radial,” “Rectangular,” or “Path.”

First, select the drop-down next to "Type" and choose between "Linear," "Radial," "Rectangular," or "Path."

Under the “Gradient Stops” option, select the first pencil-like stop button on the slider. Gradient stops are the points at which one color begins to transition to the next.

Under the "Gradient stops" option, select the first pencil-like stop button on the slider.

Note: You can also click on the slider and add more stop buttons on it.

Then, select the icon next to “Color” to open the color picker and choose the color of your liking. If you’ve selected the text on the slide, it will show you the preview of the changes.

Similarly, select the rest of the stoppers and pick appropriate colors for each Gradient stop button.

You can try out the “Transparency” and “Brightness” slider to see how it impacts the color levels of the selected Gradient stop button and the text. You can see a live preview of that only if the prompt has a letter before and after it. Otherwise, you won’t see any change in the text.

Move the "Transparency" and "Brightness" sliders to adjust the appearance

That’s it. Spend some time picking appropriate colors to jazz up the text, and you can check out some tips to make better PowerPoint presentations.

[mai mult...]

How to Use Immersive Reader in Microsoft Word, Outlook, and OneNote

Immersive Reader Three Lines in Word on the Web

To make reading documents, emails, and notes easier, try Immersive Reader in Microsoft Office. With font, grammar, voice, focus, and other settings, you can customize and use Immersive Reader in Word, Outlook, and OneNote.

As one of the Microsoft Learning Tools, Immersive Reader is a wonderful option for those with dyslexia or dysgraphia. But this tool is actually ideal for anyone who wants to improve their reading experience.

Immersive Reader Availability

As mentioned, Immersive Reader is currently available in Microsoft Word, Outlook, and OneNote. As of this writing, however, availability varies depending on your device.

  • Word: Online, Windows desktop, Mac, iPhone, and iPad
  • Outlook: Online and Windows desktop
  • OneNote: Online, Windows desktop (with add-in), OneNote for Windows, Mac, and iPad

Note that some features vary by application and version. Additional applications and features may be added at any time. And as a bonus, you can use Immersive Reader in Microsoft Edge, Office Lens, and Microsoft Teams.

Enable Immersive Reader

To open the tool in Word, Outlook, and OneNote, head to the View tab and click “Immersive Reader.”

On the View tab, click Immersive Reader

To open it in an Outlook email window, select the Message tab, and click “Immersive Reader.”

On the Message tab, click Immersive Reader

This displays the application window in a focused view. You can then customize Immersive Reader for text preferences, grammar options, and reading preferences.

Customize Immersive Reader

The key to using Immersive Reader is the way you customize it to fit your needs. Although Immersive Reader offers the same basic features across applications, the interface for the settings currently varies. So depending on the application and version you’re using, you’ll see one of two interfaces.

To illustrate these two views, we’ll use the Word desktop version on Windows and Word on the web.

Immersive Reader in the Word Desktop Application

In the desktop version of Word on Windows, the Immersive Reader tool has its own ribbon. This places all your settings in one handy spot. Starting on the left side, you have the following customization options on the desktop:

Column Width: Choose from four views for Very Narrow, Narrow, Moderate, and Wide.

Column Width Settings in Immersive Reader

Page Color: Pick a page background color from over a dozen options or select “More Colors” for a custom color.

Page Color Settings in Immersive Reader

Line Focus: Use One Line, Three Lines, Five Lines, or None. This highlights the number of lines you select for your focus while dimming the remaining parts of the page.

Line Focus Settings in Immersive Reader

Text Spacing: This option is simply on or off. Click “Text Spacing” to see more room around the letters and words. Click again to go back to normal view.

Text Spacing in Immersive Reader

Syllables: This setting is also an on or off option. When you click “Syllables,” you’ll see your words broken down by syllable. This offers help with pronunciation as you read each word.

Syllables in Immersive Reader

Read Aloud: If you want to hear the document read out loud to you, click “Read Aloud.” You’ll not only hear the words but see them highlighted at the same time. When the toolbar opens, click the gear icon to open the settings. You can then adjust the reading speed and voice used. Then, use the play, pause, next, or previous buttons as needed.

Read Aloud in Immersive Reader

When you finish using the tool, you can click “Close Immersive Reader” in the ribbon and return to your previous document view.

Click Close Immersive Reader

Immersive Reader in Word on the Web

In the online version of Word, Immersive Reader immediately changes your page into a large, more spacious view. You have similar customizations options, but these appear on the top right as three icons.

Immersive Reader in Word on the Web

Starting on the left side, you have the following customization options on the web:

Text Preferences: You can adjust the size of the text, spacing between letters and words, font style, and theme (background color), all in one place.

Text Preferences in Immersive Reader

Grammar Options: This area gives you simple toggles for syllables and parts of speech. If you enable a toggle for one or more parts of speech, you can select the color. You also have the option to turn on Labels, which places an abbreviation for the part of speech above the word.

Grammar Options in Immersive Reader

Reading Preferences: Like Word on the desktop, you can choose a Line Focus from one, three, or five lines. Here, you can also enable the Picture Dictionary and use the Translate feature with support for dozens of languages.

Reading Preferences in Immersive Reader

Read Aloud: Different than the desktop version, the Read Aloud feature is available on the screen at all times. Click the Play button to hear your document read to you and pause anytime. You’ll also see each word highlighted as you hear it. Click the Voice Settings icon to adjust the speed and voice selection.

Read Aloud in Immersive Reader

As you read your document with Immersive Reader, you can click a word to hear it read out loud or see images if you enable Picture Dictionary (above). Using the arrow on the top right, you can put the page in full-screen mode.

Picture Dictionary in Immersive Reader

When you finish using the tool, click the arrow on the top left. You’ll then return to your previous document view.

[mai mult...]

How to Use Together Mode in Microsoft Teams on Web

Micrsoft Teams logo with a mild shadow.

Using virtual backgrounds in Microsoft Teams does bring some variety to your video conference, but the grid layout remains the same. Change it up with Together Mode, putting everyone on the call into a single virtual scene. Here’s how to use it.

With Together Mode, the videos of the participants in a Microsoft Teams meeting appear in a shared virtual environment-like scene. Unfortunately, at the time of writing in July of 2021, Together Mode only offers one scene for the web version of Microsoft Teams.

Switching from the grid-style layout can help you make the video calls a bit more fun or different. You get a single, uniform environment view instead of a grid consisting of custom backgrounds. Together Mode is usable with Microsoft Teams web version on Microsoft Edge and Google Chrome.

[mai mult...]

How to Update Arch Linux

Arch Linux logo on a pink and white gradient

Has the time come to update your Arch Linux system? Whether you’re on pure Arch or an Arch-based distro like Manjaro and Garuda Linux, we’ll show you how to safely update your system with one or two simple commands. Keeping packages up-to-date is important on any Linux distro. Arch operates on a rolling release model, delivering bleeding-edge updates to your virtual door as soon as they’re ready. Because of that, frequent updates (combined with effective backups) are necessary to avoid a broken system and corrupt packages.

Most Arch-based distros use the pacman package manager to download and install updates, a  process technically referred to as “syncing.” You’ll use pacman commands to keep your packages synced and operational.

Note: Your user account needs sudo access to follow these instructions.

Apply a System Update on Arch Linux

To begin an update of all installed packages, open any terminal app and pass the following command:

sudo pacman -Syu

You’ll be prompted for your password before the command can proceed. This command checks for available updates. If there are any, it will list the packages, along with their new version numbers.

Enter "sudo pacman -Syu" in a terminal

You’ll then be prompted to confirm that you want to apply a full upgrade. Type y and hit Enter to confirm, or use n to cancel.

Type y and hit Enter to confirm update

If you have packages that you suspect are corrupt, you can force a database download with your update to take care of those issues. Even if no updates are available, pacman will verify the integrity of your currently installed packages. Add a second y to the string to make that happen.

sudo pacman -Syyu
How to Update a Specific Package in Arch Linux

If you only want to update a specific package, use the same command that you used to install it, replacing package_name with your choice.

sudo pacman -S package_name

Warning: We don’t recommend upgrading specific packages while ignoring other available updates often. Because of Arch’s rolling release process, cherry-picking updates can cause issues.

If you’re not sure what the name of a package is, you can search your installed packages using the -Qs flag.

pacman -Qs string

Be sure to replace string with your search term. This will search both package names and descriptions, so you should find what you’re looking for easily.

[mai mult...]

How to Sign Up for a VPN Anonymously

Silhouettes of two unknown people.

VPNs are advertised as the best—even the only—way in which you can be anonymous while browsing. However, there are two big ways you could lose anonymity: The first is the logs some VPNs keep, and the second is the VPN sign-up process itself.

How VPNs Know Who You Are

Even if you’re using the best VPN out there, with up-to-date protocols, state-of-the-art encryption, and a privacy advocate’s dream of a no-log agreement, the VPN itself knows who you are for two reasons: your email address and your payment information. Most VPNs (We’ll talk about the exceptions later.) require that you submit your email address to create an account. You probably signed up to your email provider with your real name and are using it in correspondence, giving the VPN at least one data point to connect with your account activity.

There’s also a chance that you used your email publicly somewhere, meaning that all anybody would need to do to find out more about you is to plug your email address into a Google search bar and watch the results roll in.

However, the data that can be gathered from your email address is small compared to what can be gleaned from your payment information. Most people default to their credit card or PayPal when buying stuff online, and, well, these companies know a lot about you, and they can share the information with whomever you make a payment to. They can share not just your name and email, but also, your physical address and any secondary addresses that you use. This data can be a treasure trove to the wrong company, and there are plenty of untrustworthy VPN services out there.

Change the Way That You Pay

The best way to avoid a paper trail on your payments is to use either cryptocurrency, cash, or even gift cards. As a general rule, cryptocurrency can’t be traced—not in the same way that credit card transactions can be traced, at least—meaning that you can spend it wherever and whenever and that nobody should be able to find out that it was you waving fat stacks around.

Most VPN services will accept the big names of crypto, like Bitcoin and Ethereum, or services like Bitpay that let you pay with Bitcoin at a set exchange rate. It definitely pays to check your VPN of choice first, as there are no hard and fast rules regarding which services accept what cryptocurrency. Our favorite VPN is ExpressVPN, and it lets you pay with Bitcoin, Etherium, and other cryptocurrencies.

That being said, crypto comes with two drawbacks. One is that its value relative to existing fiat currencies is unstable, meaning that you could be overpaying or underpaying from hour to hour (It pays to stay alert.). The second issue is that most cryptocurrencies aren’t anonymous so much as pseudonymous. If you use a transparent address when making your transactions, you can still be tracked.

A much more stable method and private alternative is cold, hard cash, but that comes with difficulties of its own, most notably how to get it over to your VPN provider. The only good way to get physical banknotes over to your provider is by mail, which some people might be a bit leery about thanks to the age-old advice to never send cash through the mail. However, few actual postal services seem to repeat this advice: USPS, for example, lets you insure cash if you send it registered. Unless you live in an area where mailboxes are regularly broken into, it seems safe enough to send banknotes by mail. We figure that, if it was really that bad of an idea, no VPNs would offer it as an option at all.

Still, though, only three VPN services that we know of accept cash, namely, Mullvad, IVPN, and ProtonVPN. Mullvad and IVPN only need you to send the activation token (more on that later) and the appropriate amount in any number of currencies (euros are the default), and you’ll be signed up once the payment arrives. ProtonVPN requires you to work out your cash payment details beforehand over email.

If you really want to avoid sending cash through the mail and don’t like any of the other options we mentioned, you could go old-school and use a USPS money order to pay for a service called Ghost Path. As far as we can tell, this is the only service that offers this option. Obviously, it only applies if you live in the U.S. Although we found some mention of using gift cards, paid for with cash, to sign up to several VPNs, only Private Internet Access seems to accept them. It seems that no other providers accept gift cards from any issuer anymore.

Use Disposable Email Accounts

Using an anonymous form of payment is the first and most important step to staying hidden when signing up for a VPN. The other is to hide your email address. After all, if you use crypto but also use your regular email address, then you’re not anonymous. You can fix this by using a fake account by creating a throwaway account with Gmail or Yahoo Mail without using your real name when doing so.

If you don’t fancy doing this, you can also use a service designed for throwaway email, like 10 Minute Mail or Guerilla Mail. These kinds of disposable email accounts are enough for VPN services, although you’ll need to make sure that your account info is safe (A password manager like Bitwarden or KeePass is a good option.), as you won’t be able to use the service if you ever lose your account credentials or the like.

VPNs That Don’t Need Email

If you don’t want to bother with email at all, there are a few VPN services that don’t require an email address to sign up. Examples include the aforementioned Mullvad and IVPN as well as Windscribe and cryptostorm, although that last one isn’t recommended for newbies, as it’s not exactly user-friendly.

In all cases, your account with the VPN service doesn’t use an email address, but a randomly generated code instead. Signing up to them and using either cash or crypto should mean that there’s no trace of you whatsoever, meaning that you can use your VPN in perfect anonymity—as long as you use Incognito Mode and take other measures.

[mai mult...]

How to Forget a Wi-Fi Network on Android

You’ve probably connected to many different Wi-Fi networks over time. So, how can you get your Android device to stop connecting to a specific network? You need to make your device “forget” it. When you connect to a Wi-Fi network with your Android phone, it’s saved for later. That’s what allows your device to automatically connect to the network when you’re in range. If you don’t want that to happen and you don’t plan on using the network again, you can simply “forget” it.

The process for forgetting a Wi-Fi network varies slightly depending on your specific Android device. We’ll show you how it works on a Google Pixel and a Samsung Galaxy phone.

Forget a Wi-Fi Network on a Google Pixel

First, swipe down from the top of your device’s screen twice to expand the Quick Settings panel. Tap the gear icon to open the Settings menu.

Select “Network & Internet” from the Settings.

Select "Network & Internet" from the Settings.

Tap “Wi-Fi” at the top.

Tap "Wi-Fi" at the top.

Select “Saved Networks.”

Now select "Saved Networks."

You’ll see all the networks that you’ve connected to with your device. Select the one that you want to forget.

Select the network to forget.

Tap the “Forget” button.

The network will be removed from your list and you won’t auto-connect to it anymore.

Forget a Wi-Fi Network on a Samsung Galaxy

Forgetting a network on a Samsung Galaxy works a little differently. Swipe down once from the top of your Samsung Galaxy device’s screen, and then tap the gear icon.

Select “Connections” at the top of the Settings.

Select "Connections" at the top of the Settings.

Tap “Wi-Fi” at the top.

Tap "Wi-Fi" at the top.

Tap the three-dot menu icon in the top-right corner and select “Advanced.”

Now, select “Manage Networks.”

Now select "Manage Networks."

You’ll see all the networks that you’ve connected to with your device. Select the one that you want to forget.

Select the network to forget.

Tap the “Forget” button.

Simply tap the "Forget" button.

That’s it! You probably don’t need to forget Wi-Fi networks that often, but it’s nice to know how to do it.

[mai mult...]

How to Protect Your Wi-Fi From FragAttacks

FragAttacks are a group of security vulnerabilities that can be used to attack Wi-Fi devices. Every Wi-Fi device ever created appears vulnerable, making it possible for attackers to steal sensitive data or attack devices on your network.

What Are FragAttacks?

Disclosed on May 12, 2021, FragAttacks stands for “fragmentation and aggregation attacks.” These are a collection of security vulnerabilities announced together. Three of them are design flaws with Wi-Fi itself and affect most devices that use Wi-Fi. Additionally, the researchers found programming mistakes in many Wi-Fi products. These are even easier for attackers to abuse than the design flaws in Wi-Fi itself.

The collection of vulnerabilities called FragAttacks were discovered by Mathy Vanhoef, the same security researcher who previously discovered KRACK, an attack on the WPA2 encryption protocol used to secure Wi-Fi networks.

Which Devices Are Vulnerable to FragAttacks?

According to the researchers, every Wi-Fi device ever created appears vulnerable to at least one of the FragAttacks vulnerabilities. In other words, every Wi-Fi device going back to Wi-Fi’s first release in 1997 is likely vulnerable.

That’s the bad news. The good news is that this vulnerability was discovered nine months before it was revealed to the public. In that time, many companies have already released security patches that protect their devices from FragAttacks. For example, Microsoft updated Windows with protection against FragAttacks in the update released on March 9, 2021.

What Can an Attacker Do With FragAttacks?

An attacker can do one of two things with FragAttacks. First, in the right situation, FragAttacks can be used to steal data from a Wi-Fi network that should be encrypted and protected against such an attack. (Websites and applications that use HTTPS or another type of secure encryption are protected against such an attack. But, if you’re sending unencrypted data over an encrypted Wi-Fi connection, a FragAttack could be used to bypass the Wi-Fi encryption.)

This highlights the importance of securing data being sent over a network with encryption—even if that data is just being sent between two devices on your local network. It’s also another example of why using HTTPS everywhere is so important for the future of the web. Browsers are slowly shifting away from HTTP and to HTTPS for good reason.

Second, the researchers say that the main concern is that FragAttacks could be used to launch attacks against vulnerable devices on a Wi-Fi network. Unfortunately, many smart home and IoT devices—especially those created by strange fly-by-night brands that don’t provide long-term support for their devices—do not regularly receive updates. A cheap, inexpensive smart plug or smart light bulb from an unknown brand may be easy to attack. In theory, this “shouldn’t matter” because that device is on a trusted home network—but FragAttacks offer a way to bypass the Wi-Fi network’s protection and attack a device directly, just as if the attacker were connected to the same Wi-Fi network as the device.

It’s more confirmation of the importance of security updates: The devices you choose to use should be from reputable manufacturers that provide security updates and long-term support for their hardware. This even applies to cheap Wi-Fi-enabled smart plugs. Secure your smart home.

What’s the Actual Risk?

First of all, as an attack against Wi-Fi, an attacker would have to be in the radio range of your network—in other words, in your physical vicinity—to execute an attack that used FragAttacks. In other words, if you’re in an apartment or a dense urban area, there are more people nearby and you’re at a somewhat higher risk. If you live somewhere without other people around, you’re very unlikely to be attacked.

Corporate networks and those of other institutions that might be high-value targets are clearly more at risk than an average home network, too. As of the disclosure of these flaws in May 2021, the researchers said there was no evidence any of these flaws are being exploited in the wild. So far, they appear to just be theoretical problems—but the public disclosure increases the risk that people will use them to attack networks in the real world.

So FragAttacks are a problem, but remember, this isn’t a “wormable” attack that can spread like wildfire over the internet—an attacker would have to be near you and target your network to attack your smart home devices or try to capture sensitive data. It’s very important that this flaw is disclosed and that device manufacturers issue software patches for existing devices and ensure future devices are protected, of course. And there are some things you can do to protect yourself.

How Do You Protect Yourself?

Thankfully, standard best practices for keeping your devices and network safe will also help protect you against FragAttacks. Here are the top three tips:

First, ensure the devices you’re using are getting security updates. If you’re still using a Windows 7 PC or an old version of macOS that isn’t getting updates, it’s time to upgrade. If your router is getting long in the tooth and your manufacturer never plans on updating it again, it’s time for a new router. If you have smart plugs or other old devices that aren’t getting firmware updates and likely have security flaws, you should replace them with something new.

Second, install those security updates. Modern devices will generally automatically install updates for you. However, on some devices—like routers—you have still have to click an option or tap a button to agree to install that update.

Third, use secure encryption. When signing in online, make sure you’re on an HTTPS site. Try to use HTTPS whenever possible—a browser extension like HTTPS Everywhere can help, but it’s much less necessary now that most websites you visit likely automatically use HTTPS if it’s available. Firefox can even be configured to warn you before loading websites that aren’t encrypted with HTTPS. Also, try using secure encryption everywhere: Even if you’re just transferring files between devices on your local network, use an application that offers encryption to secure that transfer. This will protect you from FragAttacks and other potential future flaws that could bypass your Wi-Fi encryption to spy on you.

Of course, a VPN can route all your traffic through an encrypted connection, so it gives you extra protection against FragAttacks if you have to access an HTTP website (or another unencrypted service) and you’re concerned about the network you’re currently using.

[mai mult...]

How to Reset Your Advertising ID on Android

The phone in your pocket has a unique “Advertising ID” that lets advertising companies track your app activity. While you can’t remove this ID, you can reset it to erase all your activity.

Advertising IDs are present on iPhones, iPads, Windows PCs, and Android devices. They work similarly to “cookies” in web browsers. Your activity is tracked, shared—and sometimes sold—and then used to deliver up ads that you’re more likely to click. You can’t remove or disable the advertising ID entirely. The best that you can do is to “reset” the ID. This wipes the slate clean, and if you do it regularly, you won’t build up a big log of information. You can also opt out of personalized ads.

First, swipe down from the top of the screen once or twice, and then tap the gear icon to open the Settings menu.

Scroll down and select the “Google” settings.

Select the "Google" settings.

Next, select “Ads.”

Select "Ads."

Tap “Reset Advertising ID.”

First, tap "Reset Advertising ID."

Select “OK” from the confirmation pop-up.

Select "OK" from the confirmation pop-up.

Toggle the switch on for “Opt Out of Ads Personalization.”

Now toggle the switch on for "Opt Out of Ads Personalization."

Select “OK” from the confirmation pop-up.

Select "OK" from the confirmation pop-up.

That’s all there is to it! Getting ads that are more likely to be relevant to your interests might not sound awful, but there are obvious privacy concerns involved. You’ve taken back a little bit of your privacy.

[mai mult...]

How to Reset Your Advertising ID on iPhone

Advertising IDs are used by companies to send you targeted ads based on your activity. Each iPhone has its own unique advertising ID—at least, they used to. Can you still reset the ID on your iPhone or iPad?

The idea behind an advertising ID is similar to the one behind browser cookies. Companies use things like your location, shopping habits, and app usage to show you ads that you’re more likely to interact with. If you care about privacy, it’s something to think about. There’s good news for iPhone users, though. Starting in iOS 14, apps are forced to ask before they can track your activity. You no longer have to worry about “resetting” your advertising ID. In fact, you can even stop all apps from requesting to track you.

What you can still do is turn off personalized ads. This will limit the number of targeted ads that you see, but not the number of total ads.

  • First, open the “Settings” app from your iPhone or iPad home screen.

Open the "Settings" app.

Select “Privacy” from the Settings.

Select "Privacy" from the menu.

Tap “Apple Advertising” at the bottom.

Now tap "Apple Advertising" at the bottom.

Simply toggle off the switch for “Personalized Ads.”

Simply toggle off the switch for "Personalized Ads."

That’s all there is to it! Apple has done a lot to limit how apps can track you, which makes things like advertising IDs less scary on iPhones.

[mai mult...]

How to Protect Your Wi-Fi From FragAttacks

A man face-palming behind a router with a FragAttack logo.

FragAttacks are a group of security vulnerabilities that can be used to attack Wi-Fi devices. Every Wi-Fi device ever created appears vulnerable, making it possible for attackers to steal sensitive data or attack devices on your network.

Disclosed on May 12, 2021, FragAttacks stands for “fragmentation and aggregation attacks.” These are a collection of security vulnerabilities announced together. Three of them are design flaws with Wi-Fi itself and affect most devices that use Wi-Fi. Additionally, the researchers found programming mistakes in many Wi-Fi products. These are even easier for attackers to abuse than the design flaws in Wi-Fi itself.

The collection of vulnerabilities called FragAttacks were discovered by Mathy Vanhoef, the same security researcher who previously discovered KRACK, an attack on the WPA2 encryption protocol used to secure Wi-Fi networks.

Which Devices Are Vulnerable to FragAttacks?

According to the researchers, every Wi-Fi device ever created appears vulnerable to at least one of the FragAttacks vulnerabilities. In other words, every Wi-Fi device going back to Wi-Fi’s first release in 1997 is likely vulnerable.

That’s the bad news. The good news is that this vulnerability was discovered nine months before it was revealed to the public. In that time, many companies have already released security patches that protect their devices from FragAttacks. For example, Microsoft updated Windows with protection against FragAttacks in the update released on March 9, 2021.

What Can an Attacker Do With FragAttacks?

An attacker can do one of two things with FragAttacks. First, in the right situation, FragAttacks can be used to steal data from a Wi-Fi network that should be encrypted and protected against such an attack. (Websites and applications that use HTTPS or another type of secure encryption are protected against such an attack. But, if you’re sending unencrypted data over an encrypted Wi-Fi connection, a FragAttack could be used to bypass the Wi-Fi encryption.)

What’s the Actual Risk?

First of all, as an attack against Wi-Fi, an attacker would have to be in the radio range of your network—in other words, in your physical vicinity—to execute an attack that used FragAttacks. In other words, if you’re in an apartment or a dense urban area, there are more people nearby and you’re at a somewhat higher risk. If you live somewhere without other people around, you’re very unlikely to be attacked.

Corporate networks and those of other institutions that might be high-value targets are clearly more at risk than an average home network, too. As of the disclosure of these flaws in May 2021, the researchers said there was no evidence any of these flaws are being exploited in the wild. So far, they appear to just be theoretical problems—but the public disclosure increases the risk that people will use them to attack networks in the real world.

So FragAttacks are a problem, but remember, this isn’t a “wormable” attack that can spread like wildfire over the internet—an attacker would have to be near you and target your network to attack your smart home devices or try to capture sensitive data. It’s very important that this flaw is disclosed and that device manufacturers issue software patches for existing devices and ensure future devices are protected, of course. And there are some things you can do to protect yourself.

How Do You Protect Yourself?

Thankfully, standard best practices for keeping your devices and network safe will also help protect you against FragAttacks. Here are the top three tips:

First, ensure the devices you’re using are getting security updates. If you’re still using a Windows 7 PC or an old version of macOS that isn’t getting updates, it’s time to upgrade. If your router is getting long in the tooth and your manufacturer never plans on updating it again, it’s time for a new router. If you have smart plugs or other old devices that aren’t getting firmware updates and likely have security flaws, you should replace them with something new. Second, install those security updates. Modern devices will generally automatically install updates for you. However, on some devices—like routers—you have still have to click an option or tap a button to agree to install that update.

Third, use secure encryption. When signing in online, make sure you’re on an HTTPS site. Try to use HTTPS whenever possible—a browser extension like HTTPS Everywhere can help, but it’s much less necessary now that most websites you visit likely automatically use HTTPS if it’s available. Firefox can even be configured to warn you before loading websites that aren’t encrypted with HTTPS. Also, try using secure encryption everywhere: Even if you’re just transferring files between devices on your local network, use an application that offers encryption to secure that transfer. This will protect you from FragAttacks and other potential future flaws that could bypass your Wi-Fi encryption to spy on you.

Of course, a VPN can route all your traffic through an encrypted connection, so it gives you extra protection against FragAttacks if you have to access an HTTP website (or another unencrypted service) and you’re concerned about the network you’re currently using.

So that’s it: Use devices that are getting updates, install security updates, and use encryption when connecting to websites and transferring data. Thankfully, FragAttacks aren’t yet being used in the wild. Of course, people who handle security for corporate IT departments will have a huge job ahead of them in ensuring their infrastructure isn’t vulnerable to these flaws.

[mai mult...]