VSU Division of Information Technology

Blog Image Alt Text

The IT Blog

Important: The Heartbleed Bug

by Sheila Hall on April 16, 2014 in Announcements, Technical Support

THE HEARTBLEED BUG

Update: The OUCH! team has released an out-of-band special edition that explains in very simple terms what the vulnerability means to individuals and what they can do to protect themselves.

Explanation of Vulnerability (PDF Version)
Translations & Archives


The Issue:

There is a new, national technology concern named Heartbleed which involves website encryption and possible disclosure of user account names and passwords.

Researchers have identified a vulnerability in a very popular program that protects the exchange of user names, passwords and other data sent from computers to web servers over the Internet.  Examples of such activities include when you are making purchases from Amazon, logging into your banking web site or logging into various VSU web services.  The Heartbleed vulnerability provides the ability for hackers to capture your user name and passwords and begin exploiting these credentials for their own personal gain (e.g. making purchases through your account or gleaning other personal information).

VSU IT Actions:

You should know that VSU Systems Administrators and the Information Security team have worked diligently to test, update and retest all VSU websites impacted by this discovery and have analyzed 100% of all Internet connected servers.  Additionally, ADP and PeopleSoft websites used for VSU business are now up to date and have passed the Heartbleed vulnerability tests. 

 What Can You Do:

Note: Simply changing your account passwords for all of your online accounts will not be an effective solution until the vulnerable websites have properly addressed and protected their software and network infrastructure.

A few websites have been created to allow users to test various sites for the Heartbleed vulnerability. One such site is http://filippo.io/Heartbleed/Users can simply enter their site of interest (e.g. www.valdosta.edu) into the test field and press the “GO” button. The site will perform it’s test and return the results of “pass”, “fail”, or some “technical details.”  The technical detail results are not an indicator that the site has an issue but you should avoid accessing sites that are identified as “Vulnerable.” 

After a site has been corrected by the web site company (“Passed”), we encourage you to change your passwords for the desired website in case the site and your credentials have been compromised.

What Else Can You Do:

View the Heartbleed Hit List provided by the Mashable website of currently popular sites and services and their exposure to the Heartbleed bug. This is not an exhaustive list nor are the services affiliated with VSU.  Change your passwords on the sites that state a password change is required.

View Tips for Choosing a Good Password

VSU Division of Information Technology encourages you to change your passwords on a regular basis for all computer and Internet access.

*Information provided by Bill Moore, VSU Chief Information Security Officer
_______________________________________________________________________
If you have questions or need help, please contact VSU Helpdesk:

Phone: 229-245-HELP (4357)
Email: helpdesk@valdosta.edu (Only VSU email address can be accepted.)
Web: www.valdosta.edu/helpdesk
Walk-in: Odum Library, 2nd Floor, next to Circulation Desk  
Monday – Thursday: 8am – 9pm
Friday: 8am – 5pm
Saturday: 11am – 5pm
Sunday: 1pm – 9pm