If you connect to the internet over WIFI, you need to pay attention to this. There is a vulnerability in the software your computer uses to connect to WIFI that allows anyone who is within physical proximity of your WIFI network to potentially:
"...steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
Here's what I recommend:
* Don't panic! The attacker must be physically close enough to connect to your wifi network. If you're a home network user, you're probably not at high risk of attack. (Though you should fix the problem--it's the internet equivalent of leaving your front door unlocked.)
* Install the HTTPS Everywhere browser plugin (https://www.eff.org/https-everywhere). The HTTPS Everywhere plugin forces your browser to make encrypted connections (https://) instead of an unencrypted connection (http://). Most websites that handle sensitive information already enforce this policy, but this plugin makes sure that it happens.
* Install and use a VPN service on each of your computers. NordVPN (https://nordvpn.com/) is a reasonable choice--they have a large network, and support multiple devices on a single account. A VPN will encrypt all of your incoming or outgoing traffic, so that even if an attacker compromises your WIFI network, they won't be able to read anything of value.
* Update your computer's operating system to patch the vulnerability as soon as it becomes available. (i.e. don't put off installing the system updates your OS is nagging you about).
* Update your router's firmware as soon as the manufacturer releases a patch. You can track announcements about firmware patches here:
https://www.reddit.com/r/KRaCK/
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
"...steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
Here's what I recommend:
* Don't panic! The attacker must be physically close enough to connect to your wifi network. If you're a home network user, you're probably not at high risk of attack. (Though you should fix the problem--it's the internet equivalent of leaving your front door unlocked.)
* Install the HTTPS Everywhere browser plugin (https://www.eff.org/https-everywhere). The HTTPS Everywhere plugin forces your browser to make encrypted connections (https://) instead of an unencrypted connection (http://). Most websites that handle sensitive information already enforce this policy, but this plugin makes sure that it happens.
* Install and use a VPN service on each of your computers. NordVPN (https://nordvpn.com/) is a reasonable choice--they have a large network, and support multiple devices on a single account. A VPN will encrypt all of your incoming or outgoing traffic, so that even if an attacker compromises your WIFI network, they won't be able to read anything of value.
* Update your computer's operating system to patch the vulnerability as soon as it becomes available. (i.e. don't put off installing the system updates your OS is nagging you about).
* Update your router's firmware as soon as the manufacturer releases a patch. You can track announcements about firmware patches here:
https://www.reddit.com/r/KRaCK/
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/