IMPORTANT ANNOUNCEMENT: This website was decommissioned on July 18, 2022

Posted on July 18, 2022

This site is no longer being updated with new postings. Please visit the UBC IT Status Page at https://status.it.ubc.ca for any new status updates and incident notifications. For operational status of our enterprise-level services, users can now subscribe in multiple ways that now includes push notifications:

  • Email
  • SMS
  • Slack integration
  • Twitter
  • Webhooks
  • RSS feed
  • Custom Embed via Status API

You will be redirected shortly to the Status Page or follow the link below to go there now.

Visit the UBC IT Status Page

 

IMPORTANT ANNOUNCEMENT: This website will be decommissioned on July 18, 2022

Posted on June 20, 2022

The UBC IT Bulletins site will no longer be updated on July 18, 2022 and users will need to visit its replacement, the UBC IT Status Page at https://status.it.ubc.ca, where they can view or subscribe to status updates and incident notifications.

UBC IT Bulletins was kept as a legacy site in order to temporarily maintain RSS feeds and intended to provide users time to switch their subscriptions to the Status Page channels.

Before the decommission date of July 18, 2022, we recommend visitors go to https://status.it.ubc.ca to begin subscribing to the new notifications the Status Page has to offer. For our enterprise-level services, users can now subscribe in multiple ways that now include customizable push notifications:

  • SMS messaging
  • Email notifications
  • Webhooks
  • Twitter feed
  • A general RSS feed
  • Custom Slack notifications
  • Custom embed code via an API

Visit the UBC IT Status Page

WPA2 Wireless Protocol Vulnerability – October 17, 2017 10:00 PT

By Operations Centre on October 17, 2017

Description

A severe vulnerability has been discovered in the Wi-Fi Protected Access II (WPA2) standard utilized in secure wireless networks such as ubcsecure, eduroam, ubcprivate. UBC IT is in the process of applying infrastructure workarounds and/or patches as recommended by our vendors. Operating systems on the end-point devices that connect to these networks are also affected. This vulnerability has the potential to allow an attacker to perform a man-in-the-middle attack on an affected client device.

Severity

Critical

CVE Numbers

CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

Recommended actions

–        Please patch end-point devices as soon as security updates are made available by your vendor (Apple, Micorosoft, Samsung, Google, etc).

–        Ensure all sensitive data and credentials are passed via HTTPS/SSL.

 

More Information

https://www.kb.cert.org/vuls/id/228519

https://cwe.mitre.org/data/definitions/323.html

https://www.krackattacks.com/

https://papers.mathyvanhoef.com/ccs2017.pdf

Posted in , ,

Visit the UBC IT Website

Archives

RSS Feeds