By Science and Technology Staff
On April 11, ITS sent out the following e-mail:
Security researchers have discovered a vulnerability, named the Heartbleed bug, in many online encryption systems used around the world (OpenSSL encryption). This vulnerability affects the security of servers which handle encryption between computers, like when you connect using https to banking websites and a majority of websites where you are using passwords and private data. The Heartbleed bug allows an attacker to capture usernames, passwords, credit card information and other sensitive data at risk. Sites that may be affected are marked by the small closed padlock and the “https” in the web address.
As of Monday, April 7, ITS has patched all major Union web services impacted by the Heartbleed bug. We have no evidence at this time that the college has been compromised.
We recommend the following to members of the Union community:
1. Avoid clicking links found in unusual or unexpected emails that ask recipients to reset their password or otherwise reveal personal information.
2. Consider changing your online passwords at Union and elsewhere, especially at banks and commercial sites, early next week. Waiting a few days gives the external sites time to fix the vulnerability. Changing your passwords is critical if you use the same password for your Union e-mail account and other services.
3. Apply the latest security updates to your home computer as well as your mobile devices.
Please refer to http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ for the status of mainstream websites and what consumers should do regarding accounts at these sites.
Please refer to http://chronicle.com/blogs/wiredcampus/the-heartbleed-bug-and-how-internet-users-can-protect-themselves/51689 for more information regarding the Heartbleed bug.
If you require assistance or have any questions, please contact the ITS Help Desk (call 518-388-6400 or e-mail firstname.lastname@example.org). Please check our website http://its.union.edu/help-desk/information-security-union for the latest information.