You may be seeing your friends in the IT world looking a bit stressed this week. Yes, I know that isn't an unusual thing, but when I see my buddies who specialize in WiFi security crying into their morning coffee saying "what are we going to do?" and rocking back and forth... well then I know something is very wrong.
And, what would that "very wrong" be? Well read on...
On Sunday, there was an announcement made about a very serious vulnerability that effects millions of WiFi access points and routers throughout the world! It is called "Krack" - Key Re-installation Attack - and it effects any WiFi access point or router that uses the WPA2-PSK encryption. Most likely, this means you ARE effected by this since most businesses and schools (and coffee shops, airports, public WiFi, etc.!!!) use this WiFi encryption.
Basically, the flaw allows a hacker to see all of the traffic going between your device and the WiFi access point/router - AND THEY DON'T EVEN HAVE TO BE ON THE NETWORK TO DO IT!!
What makes it even worse is that if you have unsecured data shares on your supposedly secure network those same hackers could easily steal your data!!! (and yes, that could include USB keys attached to a computer!)
Now I am sure that you are wondering about what you can do to protect yourself. Well, Microsoft has already created a patch for Windows and Apple and Google are not very far behind.
But now for the catch... you have to be regularly updating your computer and installing the patches!! (Yes, my Apple friends... I mean you - iOS and OSX are not immune to this!!)
Schools, you need to be running firmware patches and updates on all of your AP's/routers and for heaven's sake put a password on that network file share!!
In all reality, hackers are not going to be driving up and down your street to hack into your home network. Especially when there are much juicer prospects with big business, schools and the coffee shops that are nearby. But this does not mean that you should not be protected everywhere you go. Here are some tips to keep you safe.
- UPDATE! UPDATE! UPDATE!
Run all the patches and updates as they come out. I hear all sorts of excuses why NOT to run updates. Don't fall prey to this! RUN UPDATES!! - MAKE SURE THAT YOU ARE ON HTTPS SITES!
Make sure that every website you visit that has you enter any information or passwords is protected by that little lock icon in the address bar! - USE VPN's!
Most schools do not allow your device to run a VPN as then they can't filter the device as required by the Federal E-Rate requirements. That is because a VPN will hide all of your traffic so no one can see it! Bad for at school... Good when you are out "in the world!" So, get a VPN and use it when you go for coffee.
Help is already on the way. Most systems will have patches out soon but that will only work if you force your fleet of iPads, Chromebooks, PC's or Smart Phones to run the updates. Oh yes, don't forget to run firmware updates on your AP's and routers.
Well, that's all for today!! As always, I solicit your comments on the blogsite.
Regards,
Yossie
Hey, Yossie!
ReplyDeleteThis article is amazing to read. I just found this article while searching for something amazing to read in Englishw & here I am. Thanks for sharing!