Remember AlphaGo, the first artificial intelligence to defeat a grandmaster at Go? Well, the program just got a major upgrade, and it can now teach itself how to dominate the game without any human intervention. But get this: In a tournament that pitted AI against AI, this juiced-up version, called AlphaGo Zero, defeated the regular AlphaGo by a whopping 100 games to 0, signifying a major advance in the field.

A new paper published in Nature todaydescribes how the artificially intelligent system that defeated Go grandmaster Lee Sedol in 2016 got its digital arse kicked by a new-and-improved version of itself. And it didn't just lose by a little -- it couldn't even muster a single win after playing a hundred games.

Read more here.

The new opt-in program requires authentication with a physical security key.

Today, Google rolled out a new program called Advanced Protection for personal Google accounts, intended to provide much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers, and others seeking their personal data. The opt-in program makes Google services much less convenient to use, but it's built to prevent the sorts of breaches that have been making recent headlines.

Examples of users who could benefit include journalists, politicians, and other public figures who may be running up against hostile actors with considerable resources—and also for private individuals in dangerous situations, like those escaping abusive relationships. In its blog post announcing this program, Google specifically named "political campaign managers," which harkens back to the breach of Hillary Clinton Presidential Campaign Chairman John Podesta's e-mails, which led to a release from WikiLeaks that may have played a significant role in the US presidential election last year.

And yes, Podesta could have avoided that particular breach had he been using this new program. That's because the Advanced Protection Program goes beyond digital two-factor authentication by requiring a physical security key in addition to your password to log in. This isn't a new idea, of course, even on the consumer side of things. Facebook has offered something similar, and even video game company Blizzard has offered one to gamers who want to protect their World of Warcraftaccounts for years. In this case, the security key is a USB stick or wireless Bluetooth device that works with FIDO Universal 2nd Factor (U2F).

That's not the only element of the program, though. When you opt in to Advanced Protection, your Google account will limit data access to just a few apps to protect sensitive information in your Gmail inbox or Google Drive. That means almost all apps and services that you might normally give access to any aspect of your Google account will automatically be rejected. To start, only Google services will be granted access, but the company says it is exploring adding some trusted partners as well.

Finally, Google will take extra steps to verify your identity should you lose access to your account. The company says regaining access will take days, though it hasn't said what the verification steps are. The Advanced Protection Program is only available to individual personal accounts presently, though Google offers OAuth whitelisting and other features to enterprise customers that provide similar kinds of protection with greater control for administrators.

The company last week quietly patched vulnerabilities in the WPA2 protocol used to secure wireless networks, but did not reveal the fix until today.

Microsoft today revealed that it quietly patched Windows last week against vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure wireless networks.

Details of the security update were only published Monday to Microsoft's Security Update Guide, the catalog-like portal that earlier this yearreplaced the decades-old practice of delivering explanatory bulletins.

All supported versions of Windows received the update, according to the catalog listing, including Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012 and Windows Server 2016.

The vulnerabilities were revealed today by Mathy Vanhoef, a researcher at Katholieke Universiteit Leuven in Belgium. On a website that went live Monday, Vanhoef said that weaknesses in WPA2 allowed criminals to read information transmitted over a Wi-Fi network thought to be encrypted by the protocol.

"

Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Vanhoef wrote on the site. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on."

Vanhoef dubbed the attack "Krack," for "Key Reinstallation Attacks."

Microsoft included the anti-Krack update in its October security slate released on Oct. 10, but the company held the news until today because information about Krack was scheduled to be issued this morning by Vanhoef, numerous security organizations and multiple vendors. "In partnership with the International Consortium for Advancement of Cybersecurity on the Internet (ICASI), Microsoft participated in a multi-vendor coordinated disclosure to acknowledge and describe several Wi-Fi Protected Access (WPA) vulnerabilities," Microsoft said in its update description.

The Windows security updates patched the client and server flavors of Microsoft's OS, but even then, users may be at risk, the firm warned. "When affected Windows-based systems enter a connected standby mode in low-power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware," Microsoft said. "To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers."

Windows PCs with Automatic Updates enabled have probably received the patches by this point. Managed devices must get the green light from IT personnel, as usual.

Vanhoef and Frank Piessens, another security researcher at Katholieke Universiteit Leuven, will present a paper on Krack Nov. 1 at a conference in Dallas, Texas. The paper can be found here.

A huge flaw in Wi-Fi devices using WPA and WPA2 security encryption was exposed by Mathy Vanhoef, working out of KU Leuven, yesterday. Attackers can use this flaw to steal sensitive data – passwords, credit card numbers, emails – or inject malicious software into websites. If you’re using an Android device, an attack could be “exceptionally devastating”.

Here’s what you need to know.

What Is KRACK?

KRACK stands for Key Reinstallation Attack. In short, it is an exploit that takes advantage of the WPA2 protocol - the protocol most internet users are currently utilising to encrypt the information they send when online. It is directed at a process known as a 4-way handshake that all protected WPA2 Wi-Fi networks use.

This 'handshake' acts like a secret greeting between a client (such as your smartphone, laptop etc) and an access point (such as a modem/router): If both client and access point know the secret greeting (the password), then you can connect to the internet. This process also generates an encryption key.

This particular point in the process is vulnerable to being tricked to reinstall that 'key' that is already in use, thus the name KRACK.

Attackers can clone a protected Wi-Fi network while forwarding the internet connection - essentially meaning the user can still access the internet - and then using KRACK can manipulate this 'handshake' process. Thus, the attacker, in Vahoef's words, "obtains a man-in-the-middle (MitM) position between the victim and the real Wi-Fi network." This doesn't give the attacker access to your WPA2 Wi-Fi password, but it does allow them to 'listen in' on the information that a client is sending between an access point.

Confusing? Definitely - the take home message is that this exploit can affect any device that uses WPA2 protection to encrypt data over a wireless network. That means pretty much every device you use in your daily life.

Fortunately, for it to be taken advantage of, an attacker would need to be in the physical vicinity of the Wi-Fi device.

Why Is Android Vulnerable To This Exploit?

Android 6.0 and above is particularly susceptible to attack via KRACK because of the way devices running this system deal with WPA2 protection.

The exploit was unearthed by Mathy Vanhoef who specifically notes that "due to an implementation bug, Android and Linux ... will reinstall an all-zero encryption key [which] makes it trivial to intercept and manipulate all data that is transmitted by these devices."

You can see his explanation, in full, below: