The attack can permit attackers to potentially eavesdrop on your network traffic and your communications, change information, delete information, and insert information, all to cause problems and cost you money.

The good news is that the attacker needs to be within range of your Wi-Fi network. They could be some distance away if they use a strong antenna or if they plant a remotely controlled device nearby.

Do two things to mitigate this danger:

First: Apply the new patches that address this issue. That can prevent the attack.

Second: Isolate your wireless network from the rest of your network. That can help reduce the damage.

Related to the first step: Apply the most recent critical security patches, often called firmware updates, to your wireless devices. The company brands of your devices should release patches. Additionally, apply patches to your operating systems and applications that use Wi-Fi networking.

Microsoft released a patch a few days ago, on October 10, as part of the expected second Tuesday of every month patches, that solves this problem on their side of the products. At home, your automatic update should have patched your Windows workstations. But you will still need to patch your wireless access point. At the office, your IT team will need to patch the computers and devices. Please give them time to do so – it can take some time. Information about the attack in general, and some of the patches, can be found at: kb.cert.org/vuls/id/228519 If the manufacturer of your devices does not produce updates, your next step might be to replace the devices with new ones.

For the second step: It is an IT Security best practice to isolate all wireless devices on your network to be away from the wired devices. For years, organizations would add wireless capabilities to their network by connecting wireless access points to the same network as your workstations and servers. That is a very dangerous practice since it can permit wireless devices, perhaps belonging to an attacker in the van outside your building, to access the wired resources on your network. In the case of this specific attack, it makes it easier for the attacker to access the data on the most protected parts of your organization’s network. Isolate all wireless devices on their own, what your IT professionals call a, filtered subnet.

As is often the case with IT Security, this will be a risk vs. expense decision. It is important that the executives of a company make the final decision about whether or not to ask IT to implement the mitigation steps. Your IT Team will appreciate your deciding, and the choice is yours since, if there is a successful cyber-attack, the executives, especially the president, CEO, and owner will suffer the most.

Please forward this to everyone you know who uses wireless networks.

The post Wireless Security is Broken & What You Need to Do appeared first on Foster Institute.

Your iPhone and iPad will prompt you to upgrade to the new iOS 11 soon. Having the most recent version of iOS is one strategy for being secure. Like Google does with the Android OS, Apple focuses on keeping the newest iOS free from security vulnerabilities.

But, with Apple’s new iOS 11, you need to be aware of a feature that might cause you to believe you are safe from Wi-Fi attacks when you are not.

Mobile devices are vulnerable to Wi-Fi attacks, and people who are serious about the security of their phone or tablet choose to turn off Wi-Fi except when they are at their office, home, or somewhere else they know they want to use W-Fi.

In the new iOS, turning off Wi-Fi in the Control Center does not really turn off Wi-Fi. Apple says this is a feature that keeps you from losing connectivity with Wi-Fi devices like an Apple TV or a Pen. But the practice of Apple leaving Wi-Fi on without your knowledge has created some discontent in some of us who want to help you be as secure as you want to be.

If you turn off Wi-Fi in the Control Center, your device will indeed disconnect online connections to Wi-Fi networks, at least temporarily, so it appears to work.

But Apple says that, as soon as the user walks or drives to a new location, the auto-join feature will turn itself back on without notifying or asking the user’s permission. I tried that, turning off Wi-Fi in my Control Center, and then drove a few miles just to see. To my happy surprise, the Wi-Fi did not re-enable. However, a little time later in my office, I noticed that the Wi-Fi had turned itself on again on its own.

Apple also says that auto-join will come on again automatically at 5 am. Sure enough, I turned off Wi-Fi in the Control Center at night, and when I checked the icon in the Control Center at 5:15am, the Wi-Fi was re-enabled.

You can read about this unexpected feature, on Apple’s own website: https://support.apple.com/en-us/HT208086

You will be OK, as long as you know that if you want to turn off Wi-Fi, you have to go to the settings menu and turn Wi-Fi off there.

Please forward this to anyone you know who knows that turning off the Wi-Fi on their phone can increase their safety from attackers. Help them know that the only way to turn off Wi-Fi is to go to settings, not to the easy to reach control center.

The post New iPhone and iPad iOS 11 Can Quietly Override Your Attempt to Be Secure appeared first on Foster Institute.

Most executives do not realize that using public Wi-Fi can be very dangerous.

Rather than terrify you with all of the cyber-security risks companies face, because the Sony breach is doing that. Here is a better solution for wireless access: Use the data-sharing function of your phone.

Most phones these days permit you to connect your laptop through the phone to use the Internet. The connection speeds are usually very fast, and unless you are watching movies, the amount of data you consume may be less than you think.

Wishing you a cyber-safe holiday season!

The post Cyber-Safe Holiday Travels appeared first on Foster Institute.