Technology Department News

Heartbleed

What is it?

Heartbleed is a serious security vulnerability in web servers that run OpenSSL. (A lot of web servers run OpenSSL). Intrusion leaves absolutely no trace what so ever. Thus, there is no way to know if someone has implemented the vulnerability.

Why should you care?

Lots of web servers run OpenSSL for security and authentication. This bug could allow someone to steal your user name and password, without anyone knowing.

What should you do?

The short answer is that you should change your passwords on all important sites. The bad news is that you need to do that after the server has been updated and new security certificates installed. However, unless the individual site tells you that they have updated, you’ll have no way of knowing.

UPDATE: Most providers have updated their sites. It is prudent to change your passwords.

Examples

The following sites are SOME sites that are vulnerable or not:

Vulnerable Not Vulnerable
Yahoo Google
Flickr Youtube
Eventbright Twitter
Scoopit Facebook
Zoho Wikipedia

Note

This will be especially important for your personal accounts. We are currently reviewing our network vulnerability.