A vulnerability in wireless networking, commonly referred to as Wi-Fi, was disclosed to the public today. This vulnerability allows an attacker near you to impersonate the network and get your system to connect to their network instead. There is no fix for this at present, but there are steps you can take to reduce your risk.
First, make sure any websites you visit are done over HTTPS (show the green lock in the URL bar). When that lock is missing, never submit a username and password. If missing, the attacker could be trying to steal the credentials to impersonate you at a later date.
Second, when connecting over Wi-Fi, secure your data by either using a system like Upic’s Virtual Office or a VPN to add another layer of encryption between your system and the sites and services you wish to use.
We’ll be paying attention to this vulnerability moving forward, and patch all systems managed by us as soon after vendors release updates. For systems not managed by Upic, we recommend enabling automated security updates from the vendor when possible, and applying all security updates manually on those that don’t.
More information on this vulnerability is availability is available at https://www.krackattacks.com/. Feel free to reach out to Upic with any questions or concerns and to learn about how our solutions can help mitigate your risk from vulnerabilities like this.
UPDATE
Microsoft released patches for the defect last week, and those patches were deployed to systems online for weekly updates last week. Please make sure systems are left on Wednesday evenings for weekly updates by either logging off or restarting the computer.