Earlier this week a serious computing vulnerability called the The Heartbleed Bug was discovered. This weakness affects a large number of websites allowing an attacker to steal login information and other data that would normally be protected by protocol for communication (for example. pages that start with https). According to a research firm, Netcraft,as many as 500,000 servers may be affected globally. Further information about this can be found at:
How does it affect 91ɫ?
has been working to identify and notify system owners that may be vulnerable to this issue. Affected servers need to be updated to the latest version of OpenSSL. Fortunately, many important 91ɫ systems, such as Passport 91ɫ, were never at risk for this vulnerability, and many systems have already been updated. Network-based defenses are in place to help prevent threats from outside 91ɫ’s campus network.
At this time, there is no indication the vulnerability has been used to compromise data from any 91ɫ website, however there is code available in public to potentially do so, and there are indications that the bug has existed for two years before becoming known to the general public.
What can you do?
Clients are advised to take the following actions:
- Change passwords for all accounts that you have (۴ǰand external) using direct password changing methods such as Passport 91ɫ etc.
- Be vigilant with fraudulent phishing messages that ask you to change your password by clicking on a link in an email. There are already indications that criminals are using the opportunity to create targeted “phishing” email messages to trick people into divulging passwords via email or directing people to a malicious/fraudulent web site.
Questions or concerns can be directed to UIT Client Services.