|Title||Start Date & Time||End Date & Time|
|Service Restored: Red Hat Licensing Issues||Thursday, November 29, 2018 - 9:20am|
|Service Maintenance Scheduled: Networks in Multiple Buildings||Monday, November 26, 2018 - 6:00pm||Wednesday, January 23, 2019 - 10:00pm|
Update: Both Apple and Microsoft have released patches for this WiFi security vulnerability. If your wireless devices are not set to download updates automatically, we suggest you update them immediately. The university’s Office of Information Security strongly suggests that all users enable automatic updates for all applications that offer it. Learn more about the status of vendor patching for this vulnerability.
A vulnerability has been identified which affects almost anyone using Wi-Fi. This attack impacts all modern implementations of current wireless encryption standards (including WPA-1 and WPA-2). These vulnerabilities have been dubbed KRACKs, which stands for key re-installation attacks. Attackers can use this new vulnerability to read information relayed over wireless networks that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.
The Office of Information Technology (OIT) is monitoring the situation and working with its vendors. It is expected that all devices (e.g., desktops, laptops, smartphones, etc.) will require a security patch to protect against this vulnerability. It is likely that a patch will be required for home wireless devices as well. OIT will send out a notice to the campus when patches are available.
In the meantime, OIT recommends that you use the campus VPN when connecting to wireless hotspots from off-campus. Individuals who handle highly-confidential data (e.g., SSNs, credit card numbers; loan and bank account numbers; protected health information; and student information about disability, race, ethnicity, citizenship, legal presence, visas, or religion) should only do so on trusted wired networks on campus or while using the VPN from off-campus.
If you have questions about this vulnerability or need assistance installing the campus VPN, please contact the IT Service Center at firstname.lastname@example.org or call 303-735-4357 (5-HELP from a campus phone).