Masthead - line only
"KRACK" Wi-Fi Security Exploit

Researchers have just revealed details of a new exploit called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between devices and wireless access points. The exploit takes advantage of several key management vulnerabilities in the WPA2 security protocol, the popular authentication scheme used to protect personal and enterprise Wi-Fi networks. It affects the core WPA2 protocol itself and is therefore effective against devices running Android, Linux and Apple and Windows operating systems, as well as a large number of Wi-Fi routers. For more detailed information, you can read Security Editor Dan Goodin’s article published on Ars Technica »

In response to yesterday's industry disclosure regarding the security vulnerability, NSCAD's wireless network has already been patched. We were fortunate that our vendor, Aruba Mobility (a division of HP) was one of the first to produce a response to the exploit.

While we have already addressed this latest security threat, there are still a few points to consider:

•  The attack is new, so not all wireless device vendors have security patches available yet. Watch for updates to your wireless devices and patch immediately.

•  For maximum security and performance, use a wired connection. Computers with wired (Ethernet) connections are available in our student labs and in the Library. Wherever available, plug your laptops into wall outlets with an Ethernet cable and turn off Wi-Fi for enhanced safety and performance. If you have to use wireless for work or for private access to your resources, use the NSCADM network for better security and broadest access. For recreational use, e.g. browsing, streaming or texting, NSCADG or NSCADG2 are fine.

•  We still recommend NOT using wireless for anything that might involve the transfer of sensitive information (credit card payments, banking, etc.)

•  We strongly recommend that you avoid using Public Wi-Fi (internet cafes, public hotspots, etc.) until this exploit is confirmed universally patched.