Critical Vulnerability in WiFi Encryption Protocols

ISC has notified us about an existing vulnerability in current wireless encryption protocol standards (WPA1/WPA2).

October 17, 2017

An attacker within range of a victim can exploit these weaknesses using Key Re-installation Attacks (“KRACKs”).  These attacks can be used to read Wi-Fi network traffic that was previously assumed to be encrypted. This can be abused to reveal sensitive information transmitted through unencrypted protocols, like standard (HTTP) web browsing, FTP, and other unencrypted communications. Additionally, this attack can be used to spoof website responses (such as redirecting you to a fake or malicious website).

The vulnerabilities are in the Wi-Fi standard itself, and not in individual products or implementations.  To prevent the attack, users must update affected products as soon as security updates become available.  Researchers discovered that Android, Linux, macOS/iOS, Windows, OpenBSD, MediaTek, Linksys, and other operating systems/devices are all currently affected by some variant of the attack[2].

Remediation and mitigation:

  • Operating systems, including Windows, macOS, iOS, and Android, should be patched as soon as patches are available.  We will send additional notices as patches become available.
  • WPA1 and WEP should NOT be used instead of WPA2 – even with this new attack, WPA1/WEP are still considered much less secure than WPA2.
  • This attack does not break HTTPS/SSL connections – however, in certain scenarios, downgrade attacks may be possible.  To reduce this risk, we recommend the following:
    • Using a VPN service whenever connected to a Wi-Fi access point.
    • Using the “HTTPS Everywhere” browser plugin[3] to prevent downgrade attacks for HTTPS (secure) websites.
    • Ensuring any website you are about to enter sensitive information into is SSL secured (with the padlock icon) and displays the correct URL.

Additional points and takeaways:

  • It is unknown if this vulnerability is currently being exploited in the wild, but as the research for this attack has been published, it is anticipated that it soon will be.
  • Both WPA2 Personal & Enterprise are affected.
  • This is the first workable attack against WPA2 that does not use password guessing – incidentally, the WPA2 password itself is not exposed to the attacker.
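
Why reinstalling a key exposes traffic without exposing the password, and what the vendor patches change, shown as an added example that is not part of the original advisory. It is a simplified model: the `Station` class, the SHA-256 keystream (a stand-in for WPA2's AES-CCMP), the key and the sample frames are all constructed for illustration.

```python
import hashlib

P1 = b"GET /login HTTP/1.1"       # constructed sample frames
P2 = b"user=alice&pw=hunter"
KEY = b"constructed-session-key"  # stands in for the negotiated session key

def keystream(key, packet_number, length):
    """Toy keystream (SHA-256 in counter mode), a stand-in for WPA2's AES-CCMP."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + packet_number.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Simplified client: one session key plus a per-frame packet number (nonce)."""
    def __init__(self, patched):
        self.patched, self.key, self.packet_number = patched, None, 0

    def install_key(self, key):
        # Patched behaviour: a replayed handshake message carrying the key
        # already in use must not reset the packet number.
        if self.patched and key == self.key:
            return
        self.key, self.packet_number = key, 0

    def send(self, plaintext):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def run(patched):
    """Send one frame, see the same key installed again, send a second frame."""
    sta = Station(patched)
    sta.install_key(KEY)
    first = sta.send(P1)
    sta.install_key(KEY)  # retransmitted handshake message arrives
    return [first, sta.send(P2)]

def nonce_reused(frames):
    """Defender's check: a packet number repeated under one key is keystream reuse."""
    numbers = [pn for pn, _ in frames]
    return len(numbers) != len(set(numbers))

def plaintext_relation_leaks(frames):
    """True when c1 XOR c2 equals p1 XOR p2, i.e. the key was never needed."""
    return xor(frames[0][1], frames[1][1]) == xor(P1, P2)
```

With `run(False)` both frames carry packet number 1 and the two ciphertexts XOR to the XOR of the plaintexts; with `run(True)` the packet number keeps counting and that relation disappears.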

For further information, please see the following reference links:

[1] https://www.krackattacks.com

[2] https://papers.mathyvanhoef.com/ccs2017.pdf

[3] https://www.eff.org/https-everywhere

Additionally, below are links/references to some of the major vendors who have released patches for the vulnerabilities discussed above:

Windows 7, 8, 8.1, 10: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Intel Wi-Fi: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Aruba: http://support.arubanetworks.com/LifetimeWarrantySoftware/tabid/121/DMXModule/661/EntryId/27269/Default.aspx

Debian: https://www.debian.org/security/2017/dsa-3999

Red Hat: https://access.redhat.com/security/vulnerabilities/kracks

Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Fortinet: http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf

Linksys: https://www.linksys.com/us/support-article?articleNum=246427

Netgear: https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837

Ubiquiti: https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365

Raspberry Pi: https://raspberrypi.stackexchange.com/questions/73879/rpi-vulnerable-for-wi-fi-wpa2-krack-attack/73908#73908

It is recommended to apply the patches referenced above for all affected equipment. 
