Tung Wah College - Information Technology Services Office - IT security alert of Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK) on 17 October 2017. Skip to Content
Scoial icon1 Scoial icon2 Scoial icon3 Scoial icon4 Scoial icon5 WeChat Search
PowerCampus
  • mail
  • blackboard
  • facebook
  • instagram
  • youtube
  • LinkedIn
  • WeChat
  • Search
  • PowerCampus
Taint●Wisdom●Commitment
High Contrast
Font SizeDown Arrow
Medium

Small
Medium
Large
ENG
Down Arrow
ENG
繁體
简体
Home
Programmes
Library
About TWC
Admission
Programmes
Academic Units
Administration Units
Teaching & Learning
News & Events
IT security alert of Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK) on 17 October 2017.
17/10/2017
Dear Staff and Students,

 

This is the IT security alert of Wi-Fi Protected Access II (WPA2) Multiple Vulnerabilities (KRACK) on 17 October 2017.

 

Multiple vulnerabilities were identified in Wi-Fi Protected Access II (WPA2) which could allow an attacker to conduct a key reinstallation attack (KRACK) on targeted devices that use WiFi. An attacker could decrypt the data or even conduct data tampering in the wireless connection.

 

To successfully conduct the attack, an attacker has to be within the wireless communication range of the Wi-Fi access point (AP) and the targeted device.

 

Impact
Information Disclosure
Data Manipulation

 

System / Technologies Affected
Wi-Fi enabled devices

 

Alert from Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
https://www.hkcert.org/my_url/en/alert/17101701

 

Actions taken by ITSO
1. Installed patches on college wireless computer.
2. Updated latest Firmware for all WiFi Access point in the College

 

Recommendations to Staff and Students
1. Install the latest patches on your wireless devices (e.g. smartphone, laptop, home wireless router). Vendors are rolling out patches and firmware updates. Please refer to the vendor’s information or the following vulnerability notice: https://www.kb.cert.org/vuls/id/228519 .
For Microsoft Windows device, please apply Microsoft October 2017 Security Updates through Windows update.
Microsoft October 2017 Security Updates addresses one of several vulnerabilities found in WPA2 via issuing a patch for CVE-2017-13080
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/313ae481-3088-e711-80e2-000d3a32fc99

 

2. Use HTTPS to encrypt sensitive information.
Always check to make sure there’s a green lock icon in the address bar of your browser. That lock indicates that an HTTPS (encrypted and therefore secure) connection to this particular website is being used. If someone attempts to use SSLstrip against you, the browser will be forced to use HTTP versions of websites, and the lock will disappear. If the lock is in place, your connection is still secure.
https://www.kaspersky.com/blog/krackattack/19798/

 

3. Don’t use public Wi-Fi to handle sensitive information. Consider using a trusted wired connection or mobile data network.

 

For enquiry please contact ITSO hotline at 3190 6640 or email to [email protected].

 

Regards,
Information Technology Service Office

 

Tung Wah College
Tower B, 9F, 98 Shantung St., Mongkok, Kowloon, Hong Kong
Rm1004, 31 Wylie Road, Homantin, Kowloon, Hong Kong




NEWS & EVENTS
View more
New Multifactor Authentication (MFA) setup guide for TWC Office 365 service
Multifactor Authentication (MFA) for TWC Office 365 service will be enforced on 7 Jun 2021 Monday
Phishing Alert on 1 Jun 2021 - Subject: Follow-up Now
QUICK LINKS
QUICK LINKS
Tung Wah College Logo
King’s Park Campus
Ma Kam Chan Memorial Building,
31 Wylie Road, Homantin, Hong Kong
Mongkok Campus
Cheung Kung Hai Memorial Building, 90A,
and Cheung Chin Lan Hong Building, 98,
Shantung Street, Mongkok, Hong Kong
Kwai Hing Campus
16/F, Tower 2,
Kowloon Commerce Centre,
51 Kwai Cheong Road,
Kwai Chung, Hong Kong
Telephone
(852) 3190 6678