advisory

10 May 2016 at 6:10pm
May 2016 - 10/05/2016 This advisory applies to any member organisation that operates an ORPS that is configured to send RADIUS accounting packets to the NRPS. Originator: Edward Wincott Scope
20 January 2016 at 8:32pm
January 2016 - 20/01/2016 This advisory is relevant to all eduroam(UK) Home (IdP) service organisations that are using server certificates supplied through the Jisc Certificate Service (Janet Certificate Service) for RADIUS servers acting as authenticators. It describes the effect of the change to the new certificate authority which occurred in May 2015, together with the measures that need to be planned for and put into effect. Originator: Edward Wincott Background and Scope
April 2014 - 8-14/04/2014 This advisory applies to all member organisations using RADIUS systems using TLS enabled with OpenSSL. Go to: https://community.jisc.ac.uk/blogs/eduroam/document/advisory-openssl-tls...
May 2014 - 15/05/2014 This advisory is relevant to ALL Visited (SP) service organisations participating in eduroam in the UK. It describes the recommendation, which will be included in the next revision of the Technical Specification, to filter out bad and doomed authentication requests containing malformed or 'homeless' usernames in order to reduce unnecessary loading of the national proxy servers.
14 April 2014 at 4:34pm
Advisory issued by eduroam.OT 08/04/2014 It has come to our attention that there are vulnerabilities in the relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS enabled services via a heartbeat extension. While there are no indications that this affects TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160
15 January 2013 at 3:46pm
This advisory is relevant to all participants in the UK providing the eduroam federated service historically known as the Janet Roaming Service. Organisations are requested to review their service-related web material. 9/01/2013
5 July 2019 at 5:37pm
October 2012 - 3/10/2012 This advisory is relevant to ALL Home (IdP) service organisations participating in eduroam in the UK. It describes the use of RadSec at national proxy level, how this can benefit the individual user and what eduroam organisations must do in order to gain these benefits. Originator: Alan Buxey
20 August 2013 at 12:16pm
September 2012 (11/9/12) This advisory applies to all FreeRADIUS based participants. Microsoft IAS, NPS, Cisco Secure ACS and other RADIUS server based participants are not affected.
Anonymous
Scott Armitage is a member of the IT Services department at Loughborough University and works within the Network & Security Team. Scott has been one of the key people responsible for the deployment and management of wireless networking at Loughborough and is also heavily involved in deploying 802.1X on the wired network. Recently he has also been contracted to JANET(UK) as an advisor for the newly created Wireless Technology Advisory Service (WTAS).
Subscribe to advisory