 Whether you’re on the hunt for PS5 restock, Xbox Series X restock, or an Nvidia RTX 3080, you’ve probably had a pretty miserable time of it. Game consoles come and go within minutes, from retailers large and small. GPUs from Nvidia and AMD seem even scarcer, with enthusiasts camping out in front of stores, or simply paying exorbitant prices for third-party gear. On the one hand, we expect newly released electronics to be scarce. Eager early adopters almost always snatch up all available stock on a hot new gadget. But then, over time, the demand levels off, and the supply increases, and you can walk into any store and walk out with a smartphone, or a game console, or a computer part. And yet, gadget-hunting in 2021 feels different so far. More than six months later, finding a PS5 or Xbox Series X requires setting aside hours of your day to constantly refresh a page, and hoping against hope that scalper bots don’t steal a console right out of your shopping cart. GPUs like the Nvidia GeForce RTX 3080 and the AMD RX 6800 are even rarer, thanks to shady cryptocurrency miners. After all, who’s got time to play fun games when you can strike it rich with Dogecoin? Unfortunately, as 2021 continues, it’s beginning to look more and more like game consoles and GPUs won’t be widely available anytime soon, largely due to the worldwide semiconductor shortage. For the moment, high-end gaming systems are, essentially, rare luxury goods, instead of everyday consumer items. And the sooner we start viewing them as such, the happier we’ll all be. The reason why no one can find a PS5, Xbox Series X, or GPU is almost disappointingly prosaic. It’s because manufacturers can’t supply enough parts to get them built. Everything boils down to a type of computer component known as a semiconductor. To simplify things considerably, semiconductors help bridge the gap between metallic conductors and nonreactive insulators. They’re the reason why our electronics don’t short out from too much current or fail to function from a lack of current. In products that rely on sensitive computerized equipment — game consoles and GPUs, yes, but also cars, washing machines, and cameras — semiconductors are arguably as integral as the microchips themselves. At present, the whole world is living through a severe semiconductor shortage. If you guessed that it’s largely due to the COVID-19 pandemic, you guessed correctly. Many factories either shut down or didn’t run at full capacity, for quite some time last year. To exacerbate matters further, consumers didn’t buy much when the pandemic began, leading manufacturers to cut their semiconductor orders. Not only has demand outstripped supply; the supply itself is smaller than it really should have been. There are other reasons for the shortage, too, from then-president Donald Trump’s restrictions on the Chinese semiconductor trade to a fire at a Japanese manufacturing plant, to reduced global shipping causing bottlenecks. In other words, the semiconductor shortage is a perfect storm of public health, international relations, logistics, and bad luck. If you’ve been glued to Twitter, hoping against hope for the next PS5 restock, or perusing your local Best Buy every morning in hopes of an RTX 3080 resupply, you’re very well aware that the odds are against you. The demand for new gaming gear is huge; the supply of new gaming gear is extremely limited. The demand should decrease slightly as more and more people actually find the hardware they’re looking for. But with each new restock still selling out within minutes, it doesn’t seem like the situation is improving quickly enough to make a difference for most prospective buyers. At the risk of being the resident Tom’s Guide doomsayer, I don’t see the situation for PS5, Xbox Series X, or high-end GPUs improving much within the next few months. Readers have two options for dealing with this bad news. They can redouble their efforts, making our friend Matt Swider’s Twitter profile (which tracks console restocks day and night) into their homepage, setting up accounts at every major retailer in advance, keeping multiple machines glued to the Best Buy home page all day, and fighting off the thousands of other people in exactly the same position, every single day until something clicks. And, to be honest, if you treat finding a new console like a second job, you can probably secure one. It’s not hard; it’s just very tedious. More details are posted on OUR FORUM.  It’s the messaging app that connects a quarter of the world’s population, but many Americans still have haven’t heard of WhatsApp. That’s because most phone plans in the United States provide a standard flat rate for texting that allows people to communicate freely within the country. But throughout much of the world, including many of the world’s poorest countries, people are charged for every single message they send and receive. That is why, since its launch in 2009, WhatsApp has become a vital resource for billions of people – and they are prepared to defend it. When the Lebanese government tried to bring in a “WhatsApp tax”, charging $0.20 daily for calls made on the app, it helped trigger the mass protests that swept the country in 2019. One thing that does connect Americans to WhatsApp users, however, is Facebook chief executive Mark Zuckerberg and his flagrant disregard for data privacy. Facebook acquired WhatsApp in 2014 in a move to consolidate control over global communications. Now Zuckerberg is moving ahead with a change to WhatsApp’s privacy policy that aims to commercialize our communications in order to feed Facebook’s insatiable greed. At the time of WhatsApp’s purchase in 2014, the app did not collect phone numbers, metadata, or other contact information. Facebook promised to keep it this way. “We are absolutely not going to change plans around WhatsApp and the way it uses user data,” Zuckerberg claimed. “WhatsApp is going to operate completely autonomously.” Yet on 15 May, when Zuckerberg implements a new privacy update, this will be just one more in a series of his broken promises on data privacy. In 2016, WhatsApp implemented an update to its terms and conditions that allowed data like a user’s phone number to be shared with Facebook. Users were technically given 30 days’ notice to opt out. However, many were unaware of the possible opt-out and missed the small window in which they could do so, while the approximately one billion users who joined since were given no choice at all. WhatsApp announced its latest privacy update in January, with changes initially meant to take effect on 8 February. However, a popular outcry pushed the date back to 15 May, with Facebook no doubt hoping that public outrage would fade, paving the way for a quiet implementation. But public outrage has not faded. And so Facebook has opted for a familiar tactic: sow confusion and force through its new policy change anyway. The company is pestering WhatsApp users to accept the policy change by 15 May or, under a new opaque timeframe, a few additional weeks. Those who ignore or refuse the decision will lose access to basic WhatsApp functioning. Time is now running for Zuckerberg to reverse course in this latest assault on global communications – and protect the privacy of all WhatsApp users at this critical hour for democracy and dissent around the world. Facebook, for its part, has spent the months since the announcement downplaying the significance of these privacy updates by arguing that its latest changes will only affect communication with business accounts (WhatsApp Business was launched in January 2018). In truth, the changes will allow Facebook to collect payment and transaction data from WhatsApp users, meaning Facebook will be able to gather even more data and target users with ever more personalized ads. WhatsApp has also removed a passage in its privacy policy about opting out of sharing data with Facebook. Facebook argues that this simply reflects what’s been in place since 2016. That is exactly the problem.Today’s WhatsApp shares a great deal of information with Facebook it promised it wouldn’t, including account information, phone numbers, how often and how long people use WhatsApp, information about how they interact with other users, IP addresses, browser details, language, time zone, etc. This latest incursion has highlighted just how much data sharing has been going on for years without most users’ knowledge. Learn more when you visit OUR Forum.  Security researcher Mathy Vanhoef, who loves to poke holes in Wi-Fi security, is at it again, this time finding a dozen flaws that stretch back to cover WEP and seemingly impact every device that makes use of Wi-Fi. Thankfully, as Vanhoef explained, many of the attacks are hard to abuse and require user interaction, while others remain trivial. Another positive is Microsoft shipped its patches on March 9, while a patch to the Linux kernel is working its way through the release system. The details of FragAttacks follow a nine-month embargo to give vendors time to create patches. "An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Vanhoef said in a blog post. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities." Several of the identified flaws relate to the ability to inject plaintext frames, as well as certain devices accepting any unencrypted frame or accept plaintext aggregated frames that look like handshake messages. Vanhoef demonstrated how this could be used to punch a hole in a firewall and thereby take over a vulnerable Windows 7 machine. "The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone's home network," the security researcher wrote. "For instance, many smart homes and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately ... this last line of defense can now be bypassed." Other vulnerabilities relate to how Wi-Fi frames are fragmented and how receivers reassemble them, allowing an attacker to exfiltrate data. Even devices that do not support fragmentation were at risk. "Some devices don't support fragmentation or aggregation but are still vulnerable to attacks because they process fragmented frames as full frames," Vanhoef wrote. "Under the right circumstances, this can be abused to inject packets." Some networking vendors such as Cisco and Juniper are starting to push patches for some of their impacted products, while Sierra has planned some of its products to be updated over the next year, and others will not be fixed. The CVEs registered to due FragAttacks have been given a medium severity rating and have CVSS scores sitting between 4.8 to 6.5. "There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices," the Wi-Fi Alliance wrote. Vanhoef said anyone with unpatched devices can protect against data exfiltration by using http connections. "To mitigate attacks where your router's NAT/firewall is bypassed and devices are directly attacked, you must assure that all your devices are updated. Unfortunately, not all products regularly receive updates, in particular smart or internet-of-things devices, in which case it is difficult (if not impossible) to properly secure them," the researcher wrote. "More technically, the impact of attacks can also be reduced by manually configuring your DNS server so that it cannot be poisoned. Specific to your Wi-Fi configuration, you can mitigate attacks (but not fully prevent them) by disabling fragmentation, disabling pairwise rekeys, and disabling dynamic fragmentation in Wi-Fi 6 (802.11ax) devices." Follow this thread on OUR FORUM. |
Latest Articles
|