Heartbleed Bug: What you need to know

IT Services has conducted a comprehensive audit, and no central university services or applications have been identified as vulnerable to the Heartbleed Bug.

About to change your password due to Heartbleed? Please read!

Changing your passwords before confirming that a site has secured itself against the Heartbleed Bug could continue to put your data at risk. Many sites are notifying their customers when the vulnerability has been fixed. Change your password only after you have confirmed that a site has resolved the vulnerability.

Recent media attention has focused on the Heartbleed Bug, a major security vulnerability discovered in the technology that powers encryption across much of the Internet. The bug allows attackers to read the memory of systems protected by a popular network encryption software package, bypassing security to view protected information including personal information like usernames and passwords.

Who has been affected by this vulnerability?

Media reports suggest as many as two-thirds of all internet sites may have been affected by this vulnerability. Even market leaders such as Yahoo, Google, Facebook, and Amazon were affected.

How might I be affected by this vulnerability?

It is important to point out that just because a website was vulnerable at some point, it does not mean that this vulnerability was exploited. By extension, even if the vulnerability was exploited, it does not mean any useful private information was disclosed. However, we have handled this incident with caution, and recommend that you check the status of any websites or services you use.

What can I do to protect my identity and data?

Once you know a website or service you use was vulnerable at one time, assume your data is at risk and follow these steps.

  1. Confirm with the owner of any website you have an account with that they were either not affected by this vulnerability, or that it has been remedied. You may also want to confirm that they have re-keyed their SSL certificates.
  2. Change your password only after confirming the vulnerability is no longer a threat to the website. Changing your password before the vulnerability is resolved may leave you at risk.

Don’t re-use passwords!

Don’t use the same password for different websites. If you have already used the same password on more than one website, set a new and different password for each one. You may also want to start using a password manager to automate the generation and retrieval of passwords for all the websites you visit.
