Library items tagged: eduroam(UK) Advisory

Released: 10th May 2022. This advisory is important and relevant to all eduroam(UK) service organisations. Contents: Summary; Background and scope; Phase 1 - DNS, firewall and RADIUS server changes; Phase 2 - firewall and RADIUS server changes; During the migration phase; Supplementary information. Summary: Roaming1 is moving to a new platform.
Published: 06/10/2021. This advisory applies to all organisations providing a Home or Home and Visited (Wi-Fi) service.
Released 1st April 2021. Updated 16th April 2021. This advisory applies to all organisations providing a Home (IdP) service who wish to support users on Android 11 devices. A number of issues have arisen simultaneously, resulting in a complex situation that requires a careful response from member organisations to avoid user disappointment. The recommended actions are summarised at the bottom of this page. Contents:
eduroam(UK) Advisory: EAP server certificate considerations (July 2020)
Introduction: With the introduction of iOS 14 and Android 11, MAC address randomisation will become more prevalent and will have some implications for our eduroam(UK) members. History: Starting with iOS 8 and Android 8, mobile device operating system vendors started using randomised MAC addresses while scanning for wireless networks. These pre-association MAC addresses were random at every sweep. This was a step towards ensuring user devices could scan for wireless networks without being tracked.
Click on an item and scroll down to the selected content at the bottom of the page. Advisory: Reinstatement of Roaming2 NRPS. Advisory: Addressing claims of eduroam misconfiguration vulnerability (server certificate validation) (October 2021).
Released: 24th October 2017. This advisory is relevant to all eduroam(UK) Home (IdP) and Visited (SP) service organisations. Its aim is to bring to the attention of our community the vulnerability of WPA2 to Key Reinstallation Attacks (KRACK) and to describe the position of eduroam.org together with recommended actions to be taken. Background and scope:
eduroam(UK) Advisory: Injection of Operator-Name attribute by the NRPSs
Advisory issued by eduroam.OT, 08/04/2014. It has come to our attention that there are vulnerabilities in the relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS-enabled services via a heartbeat extension. While there are no indications that this affects TLS-based EAP mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160