This week, security researchers announced the discovery of an extensive security flaw in OpenSSL, called the Heartbleed Bug. OpenSSL is used by a majority of online services to encrypt data over the internet. Sites like Facebook, Yahoo, and Gmail all leverage OpenSSL to encrypt your data.
What is the Heartbleed Bug?
In a nutshell, the Heartbleed Bug provides an opening for hackers to access your data that has traveled across the internet using OpenSSL. This includes things like user names and passwords, personal information, and credit card information that you would use on sites like Gmail, Yahoo, Facebook, or ecommerce and banking sites.
What can we do to protect ourselves?
Although it was recently discovered, this bug has been in place for a few years. Security experts are still determining the scope of the impact. ITS recommends that you immediately change your passwords for high value accounts like financial accounts or accounts that allow access to personal data like tax information. Sites like Gmail, Yahoo, ecommerce, and online banking sites are all working to correct any vulnerability to minimize the risk to users going forward. ITS also advises that you continue to monitor your accounts in the coming months, especially those that contain more sensitive data like banking or credit card information.
ITS has no indication that myNEU passwords would need to be changed at this time. If you have a non ITS-managed machine, particularly one running UNIX/Linux, ITS advises that you immediately check for operating system patches and apply any critical or recommended security patches.
What is ITS doing to protect Northeastern?
To reduce our risk internally, ITS has already been working through the week to patch all of Northeastern’s technology that relies on OpenSSL. This includes patching of applications, servers, and our networks. We are continuing to work with our partner providers and vendors to address this serious security concern.
How can I get more information on the Heartbleed Bug?
More information on the Heartbleed Bug can be found here:
CNET – Heartbleed Bug Undoes Web Encryption, Reveals Yahoo Passwords
ComputerWorld – Heartbleed Bug in OpenSSL Leaves Encrypted Communications at Risk
Heartbleed Main Information Page
Questions or concerns? Please contact the ITS Service Desk at 617.373.4357 (xHELP) or firstname.lastname@example.org.