National Post (National Edition)
Feds saying little about flaw in Wi-Fi security
MONITORING ISSUE
shows that if someone who’s talented puts their mind to it, (Wi-Fi) is vulnerable,” said Christian Leuprecht, a political-science professor at Queen’s University and Royal Military College, who has studied cybersecurity issues.
Shared Services, the government department responsible for IT, wouldn’t confirm if it was aware of the flaw or if the government has been affected.
The department emailed a statement through a spokesperson saying it “remains vigilant in monitoring any potential threats and has robust security measures in place to address them.”
More than 8,000 wireless access points are in use by federal employees.
The tech website Ars Technica wrote that “the vulnerability is likely to pose the biggest threat to large corporate and government Wi-Fi networks.”
The Communications Security Establishment, the national cryptologic agency, said it was not aware of any reported exploitation of the vulnerability and stressed to government departments that applying relevant patches “as soon as they are made available by vendors is key to protecting networks from vulnerabilities.”
Since the flaw could affect nearly every Wi-Fi-enabled device in the world, there’s almost no limit to what can be affected.
Android and Linux devices are particularly susceptible to the KRACK issue, with Windows and iOS devices less so.
David Skillicorn, a professor at the Queen’s University School of Computing, said a likelier target than government Wi-Fi networks could be the home networks of high-level government officials.
If someone who works with sensitive information works from home using their Wi-Fi network it could be vulnerable if the router hasn’t been patched.
Data travelling from the person’s phone or PC could be intercepted by hackers.
One mitigating factor is that an attacker would have to actually be in the area — or control a device in the area — which limits their ability to exploit this security flaw.
Still, the vexing thing about the KRACK exploit is that it leaves secure networks vulnerable, so the people who went to the trouble of password-protecting their home networks are the ones affected.
In the wake of security problems like this and recent high-profile hacking incidents, there has been a move to more secure websites across the internet.
More than half the web now uses HTTPS, rather than its insecure cousin HTTP, to communicate web data to users.
Some sections of the government’s website still use the old, non-secure standard.
For example, a page on the government’s website where users can request a status update on document authentication is an unsecured HTTP website.
Information from the Chrome web browser says the site is not secure and that users “should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.”
The form asks for a user’s full name, telephone number, and complete address.
The United States government has adopted a protocol that requires secure servers across all government websites.
The Treasury Board has plans for an “HTTPS everywhere” standard that is currently being implemented.
“Of course it’s a problem. These are reasonably straightforward things we should be doing. This is not rocket science, it’s a simple way of making sure all your communication is secure,” said Leuprecht.
A website explaining the U.S. government policy makes a strong case for HTTPS.
“Today, there is no such thing as non-sensitive web traffic, and public services should not depend on the benevolence of network operators,” it reads.
Most affected manufacturers have been rolling out patches so the best defence against this, and any other, exploit is to update your devices frequently.
Or to be really safe but a little less mobile, use an ethernet cable to connect to your router, rather than connecting to the Wi-Fi.
a “few” animals are still being used in high-level training, though the military is studying alternatives that might prove as beneficial.
“This training has saved soldiers’ lives,” she said. “We conduct this training in as humane a way as possible. There is an individual that must be present throughout the training, whose only responsibility is to ensure the animal does not suffer.”
Pigs are kept under anesthetics during “surgical wounding” and treatment, then euthanized, according to Tien’s paper.
Pippin said the alternatives — computerized simulators that try to duplicate the effects of injury — have developed rapidly since the end of Canada’s Afghan mission.
They include “strategic operations cut suits” that are worn by real people who can act out the movements and reaction of a wounded person, and “operative experience” mannequins that are so realistic, a blood-like substance spurts out when a limb is severed, he said.
The new study notes Canadian Forces medics trained solely on simulators until January, 2007, when York-Landrace pigs were introduced, with trainees first working on the live hogs in an operating room, then in simulated combat conditions.
Medics are taught how to stop heavy bleeding; treat airway blockages by cricothyrotomy — cutting a hole in the throat; and to relieve tension pneumothoraces — potentially deadly buildups of air around the lungs — by puncturing the chest with a special needle.
Of the 38 medics who responded to the survey, 88 per cent had performed life-saving procedures on troops in Afghanistan, most more than five times.
About 90 per cent of those who had been deployed both before and after the pigs were introduced said the change was valuable and urged that it be maintained.