Library items tagged: advisory

Released: 6th January 2022 This advisory is important and relevant to all eduroam(UK) service organisations. Background and scope Phase 1 Phase 2 Monitoring Progress Summary Action required Supplementary Information Background and scope
Published: 06/10/2021 This advisory applies to all organisations providing a Home or Home and Visited (Wi-Fi) service.
Published: 14/06/2021 This advisory applies to all organisations providing a Visited (Wi-Fi) service. Whilst not specifically an eduroam/802.1X related issue, the FragAttacks vulnerabilities highlight the need to keep your Wi-Fi devices patched to ensure that fixes developed by your equipment vendors are applied to your infrastructure. Several vendors have been quick to respond and have released updates; you may have received direct e-mail notification.
May 2016 - 10/05/2016 This advisory applies to any member organisation that operates an ORPS that is configured to send RADIUS accounting packets to the NRPS. Originator: Edward Wincott Scope
Buried in the historic mail archives (and likely in some older eduroam documentation) are advisories concerning the type of RADIUS certificate that eduroam(UK) participants should be using.  Basically, do not use MD5 certificates. For some time now, MD5 has been deprecated and over the past few years Operating Systems have been dropping support for such certificates. e.g. http://support.apple.com/kb/HT4999  (since iOS 5 MD5 certs are only valid for CA certs not server certs)
Announcement regarding Windows Mobile 8 and 802.1X authentication with certificate validation Best practice is that clients must be configured to trust/verify the CA that signsthe RADIUS server that presents during an 802.1X authentication - a major securitypin for eduroam is this trust/check. It has been noted that Windows Mobile 8 (WM8) devices would not authenticate the userif this 'verify' option was chosen.
eduroam(UK) Advisory: Injection of Operator-Name attribute by the NRPSs
Advisory issued by eduroam.OT 08/04/2014 It has come to our attention that there are vulnerabilities in the relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS enabled services via a heartbeat extension. While there are no indications that this affects TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160
May 2014 - 15/05/2014 This advisory is relevant to ALL Visited (SP) service organisations participating in eduroam in the UK. It describes the recommendation, which will be included in the next revision of the Technical Specification, to filter out bad and doomed authentication requests containing malformed or 'homeless' usernames in order to reduce unnecessary loading of the national proxy servers.
October 2012 (3/10/2012) Updated 2/11/2023 This advisory is relevant to ALL Home (IdP) service organisations participating in eduroam in the UK. It describes the use of RadSec at national proxy level, how this can benefit the individual user and what eduroam organisations must do in order to gain these benefits. **This Advisory Remains in Force - it is Applicable to the Current Date** Originator: Alan Buxey