TTU HomeTechAnnounce

TechAnnounce

Printer friendly format
“Heartbleed” – Additional Information

The "Heartbleed" vulnerability is a programming flaw affecting an estimated 66% of all web sites on the Internet. The impact from this vulnerability is very significant world-wide and touches almost everyone, so we wanted to provide a follow-up communication with an update and additional information.

As we previously announced to the campus, the “Heartbleed” flaw makes it possible for an attacker to read information between affected web sites and their users that would normally be hidden (i.e. encrypted). Among the data that can be exposed are usernames, passwords, and the secret keys used by affected web sites for encryption and decryption.

The flaw is corrected by installing a server software patch, obtaining new encryption “certificates”, and expiring passwords for all user accounts. This is why many users of popular Internet sites such as Yahoo, Google, Dropbox, and others are being advised to change their passwords. Most major vulnerable sites on the Internet have now taken appropriate corrective action. Key information systems at TTU, including, eRaider, Raiderlink, and Blackboard, have been confirmed not vulnerable. At this time, we believe the overall impact to Texas Tech to be low, in part due to the way we have designed our key information systems, and in part due to the rapid response of IT staff at TTU and TTUS.

To protect your personal accounts and those of your family members, please review the recommendations below: 

  • Check to see if any websites you use (and on which you have accounts) are vulnerable: 
  • Immediately change passwords for sites that are not vulnerable (whether repaired or never affected), giving first priority to critical accounts and email. 
    • Create fresh, unique passwords for each account. Hackers will use credentials from one account to break into your other accounts. 
    • Be alert for phishing scams attempting to lure you to credential-stealing sites. Do not click on links in emails that ask you to reset your passwords. To change your password, type the URL of the organization in a browser. 
    • Note: Do not change your password before a site has addressed its Heartbleed vulnerability.

As a result of this software flaw, now is a great time for everyone to do some password maintenance. Make sure your usernames and passwords at external sites are strong, choose unique passwords for different accounts, and change critical passwords frequently. And always be on the alert for malicious activity on the Internet. For additional assistance, you make contact IT Help Central at ithelcentral@ttu.edu or (806) 742 4356 (HELP).

Posted:
4/15/2014

Originator:
IT Help Central

Email:
ithelpcentral@ttu.edu

Department:
ITHC


Categories