HOW DO I STAY SAFE?
To be honest, for the next couple of days there aren’t a ton of public options available to you, not until vendors begin to distribute patches. This vulnerability affects a number of operating systems and devices, including Android, Apple, Windows, Linux, Linksys and others. If your device supports Wi-Fi it is most likely affected.

UPDATE YOUR COMPUTING DEVICES
• When your cell phone and computer notify you that an update is available, don’t delay in applying them. Installing updates when they become available will mitigate the vulnerability.

UPDATE YOUR HOME ROUTER
• You will have to check the manufacturer’s website for information/instructions pertaining to any update that is available for your wireless router. The overall risk is low because an attacker needs to be in proximity of your device, so you are not suddenly vulnerable to everyone on the internet.

USE A VPN
• Use Colby’s free virtual private network (VPN) it is available to use on any computer and/or smartphone. Visit http://www.colby.edu/its/virtual-private-network-vpn/ for more information on how to install and use this service. Resist the temptation to rush and sign-up for any free VPN service until you can find out if they have been vetted and will keep your data secure. Most don’t.

USE A WIRED CONNECTION
• If available, use an Ethernet cable to get connected online.

SAFE BROWSING
• Avoid going to websites that do not display a padlock icon in the address bar. Secure websites will have HTTPS in the url (https://google.com), signifying that data transmitted is encrypted and protects the privacy and integrity of all transmitted data.
• Avoid public Wi-Fi until your device’s receive updates to fix this issue. If you are not sure, search your device’s manufacturer to see if they have released a statement on the matter. Until then, use your cellular network when possible to connect your device online.

Summary
On October 16 security researchers released details about a flaw in the commonly-used wireless security protocol known as WPA2. Any network traffic that uses this protocol can be decrypted by a nearby eavesdropper exploiting the vulnerability. The WPA2 protocol is a current industry standard employed by companies and organizations around the world, including Colby’s ‘Colby Access’ network. Additionally, WPA2 is also commonly used in home wireless networks using a passphrase or password. Client connections to any of these networks are potentially vulnerable to this type of attack until security updates have been released by device manufacturers.

What’s Affected
Any wireless network connection on any device (computers, tablets, smartphones, etc) to a WPA2-secured network. Affected networks include ‘Colby Access’ and any other network – including home networks – employing WPA2 security.

Risk
The risk to users is low at this time since the flaw can only be exploited by being in wireless range of a target and there are no known exploits being used.

Recommendations
Apply manufacturer patches as soon as they become available in order to correct the vulnerability on your device(s). Because so many different devices are impacted, it is not possible to provide a list here. Be aware of your surroundings when using wireless networks and consider using a virtual private network (VPN) connection to provide an extra layer of security on your connection.

Please contact the ITS Support Center at support@colby.edu or 207-859-4222 with any questions about this vulnerability or any other issue.