Box to OneDrive update: Transition in full swing
Web CMS project picks up pace for summer
Microsoft Teams now available for group chat, instant messaging, online meetings, and real-time collaboration
Coming soon: Connect your TVs, streaming sticks, printers, and more to the OHIO Wi-Fi
OnBase to require multi-factor authentication starting April 30, 2018
Blackboard Learn May 2018 upgrade details
Reducing Textbook Costs
OBI Reporting to require multi-factor authentication starting Jan 19, 2018
OHIO homepage makes early move to new WebCMS
Blackboard Learn: December 2017 upgrade details

WiFi KRACK: What you need to know

Wednesday, October 18, 2017
Sean O'Malley  

If you are a WiFi user - and who among us isn’t? - you should take these basic steps to protect yourself against the recently announced KRACK vulnerability, especially if you travel or if you have a WiFi router at home.

What is KRACK?

In simple terms, KRACK lets a nearby attacker eavesdrop on data being sent between a phone, laptop, or other device and the access point or router that device is connected to. KRACK does this by exploiting a vulnerability in the security protocol used by the vast majority of wireless routers and access points.

How bad is it?

Ohio University’s WiFi currently is not vulnerable to KRACK; however, most public and home networks are. Many individual devices also are affected. The vulnerability works at close range, so an attacker located near an unpatched device or network could intercept any data that device sends over an unsecured web connection.

What you should do

Update, update, update!

Make sure to enable automatic updates on all of your devices. If a device does not support automatic updates, check your owner’s manual or the manufacturer’s website to learn how to install updates manually. Most home routers, for example, include a way to update their firmware; however, you typically have to log into the router and tell it to check for updates.

Microsoft has already released an update that fixes this vulnerability for Windows.

Stick with secure websites and services

Websites that use “https” are not vulnerable to the KRACK exploit. Most browsers display a green lock icon in the address bar when the connection is using https. If you visit a website and do not see this icon, or if it has a slash through it, you should not use that site.

Use extra care when traveling

Because KRACK requires an attacker to be physically close to their target, public networks have a higher risk. If you are in a public place like an airport, hotel, or shopping district, pay close attention to the presence/absence of the green lock icon when using WiFi, and avoid visiting any sites that would require you to provide sensitive information like credit cards or logins.

This actually is good advice any time. Never trust a public or open WiFi connection with personal data.

Disconnect or use a VPN

If you need to access university resources on the road, use the university’s VPN. With smart devices, consider using cellular data instead of public WiFi.

Even if your own devices are patched against KRACK, that is no guarantee that the person responsible for the hotspot you're connected to has also patched their equipment. You should always assume that a public WiFi hotspot is not secure.

Related Links

OIT Security 
KRACK: Original announcement
Krebs on Security blog post about KRACK