By now you may have heard about the Heartbleed security flaw that affected Open SSL version 1.0.1. This security flaw allows for the leaking of private information from otherwise secure websites/servers. IC has been working diligently to verify our own security to ensure the safety of SU students, faculty and staff. Here is what you need to know…
FAQ’s About HeartBleed & SU
What is the IC doing about this problem?
IC has been analyzing all University systems to determine if there are any security vulnerabilities relating to HeartBleed.
Do I need to change my university password?
You do not need to change your SUnet Password. Core SU sites are secure. (WebAdvisor, Blackboard, Datatel, etc…) If you are using your SU password at other sites, you should change it now to something unique.
Do I need to change my SU email password?
Google Apps and Google services were vulnerable to this security flaw. While Google has stated that users do not need to change their password, it is recommended that you do so. Many times we reuse the same password for multiple accounts, so if you used your Google password on a site that has been breached, you could be at risk. Click the following link to be taken to the Google Password change page.
Google Password Change
Should I change my passwords for other sites?
Some sites used by SU faculty, staff and students have been compromised. It is recommended that you change your password for the following sites…
Many other sites online have been affected by this security breach. You should check other sites in which you have logins for their statement on the HeartBleed vulnerability.
Sites like Yahoo, Facebook, Tumblr, Pinterest, Dropbox, Prezi, TurboTax, etc… have been affected. You should take this opportunity to create strong, unique passwords for all the different sites that you have to update.
This website from Mashable has a good list of sites that have been affected.
Mashable - HeartBleed HitList
You can also go to www.lastpass.com/heartbleed and check other websites that aren’t listed on the Mashable Site. While this isn’t 100%, it is better than doing nothing!
IC recommends that you bookmark this page and check back frequently. You can use the links above to check other sites for updates to their vulnerability status.
If you have any questions, do not hesitate to call the IC Help Desk at ext. 5555