Bad math... 10 out of 180 is more than 5% ! Sorry!
On Apr 15, 2014, at 1:16 PM, Hanset, Philippe C <[email protected]> wrote: > All, > > We have been informing eduroam connected schools in the US that were > vulnerable > to heartbleed (about 10 schools were vulnerable out of 180 connected to > eduroam-US, less than 5%). > The eduroam federation did testing for all eduroam-connected campuses to > evaluate the level of vulnerability and we have informed each RADIUS > administrator > independently. > > This said, ANY campus that operates a 802.1X network and uses a RADIUS server > using OpenSSL could be potentially at risk since an attacker can access the > RADIUS server via the local WPA/WAP2-enterprise network. > It does require for the attacker to be physically on campus and join the > SSID, but the risk still exists! > > Please analyze your systems for the vulnerability (look into the version of > OpenSSL that you are running) > and take the appropriate measures. > > Here are a few links about Heartbleed and RADIUS > http://freeradius.org/security.html > http://www.open.com.au/pipermail/radiator-announce/2014-April/000024.html > https://confluence.terena.org/display/H2eduroam/heartbleed-note > > Thank you, > > Philippe > > Philippe Hanset > www.eduroam.us > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
