University Response to Wi-Fi Vulnerabilities
Dear Alumni Email Users with Andrew Ids,
Over the last week the Internet has been buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
CMU's wireless networks are secured. However, other Wi-Fi networks, your home wireless network, and your client devices (computers, mobile devices, etc) may still be vulnerable. It will take time for all vendors to create patches and even more time for those patches to be applied.
So what should you do?
- As always, watch for updates, whether at work or home, and apply patches as soon as they are available.
- Exercise caution when using any untrusted Wi-Fi network. Look for the locked icon and/or "https:// " in URLs before submitting credentials or other sensitive information like credit card data.
These, combined with other basic security best practices, will protect you from old threats and vulnerabilities as well as new ones.
Steps to safeguard your identity, devices and data are outlined for you at www.cmu.edu/computing/safe/.
As a reminder, these include:
- Protect your Andrew userID and passwords
- Configure your devices securely from the outset.
- Stay up to date with software patches and don't delay restarting your computer after patches have been applied.
- Verify the authenticity of links and unexpected attachments in email before clicking.
- Run anti-virus software with current malware signatures.
- Have recoverable backups of your files and store them in a safe, off-line location.
- Report concerns immediately - if you see something, say something.
Thank you for following these best practices and for partnering with us to keep the university and each other safe on-line.;
Please feel free to email me if you have questions, concerns, or suggestions for how we can improve.
Mary Ann Blair
Chief Information Security Officer
Information Security Office
Carnegie Mellon University
ISO Hotline: 412-268-2044