The “Heartbleed” security bug has been flooding the news this week with reports that it has affected the Canada Revenue Agency’s website and other sites around the world. The purpose of this note is to explain how we’re dealing with the issue at the U of S and what it means for you.
What is the situation?
The Heartbleed security bug has been found in one of the most widely used pieces of Internet security software used to encrypt and protect things like passwords and other information that hackers could use to enter secure websites. The software is known as OpenSSL and the vulnerability created by Heartbleed means that individuals on the Internet can decode and read previously protected sensitive information on compromised websites.
The bug affects servers, Internet-enabled devices and networking hardware that use the vulnerable version of the software, and could include home access points and firewalls, wireless phones, home networking equipment and security systems, smart TVs and Blu-ray players.
What’s happening at U of S?
The U of S is actively managing the situation. All servers managed by ICT were patched on Tuesday evening and Wednesday morning, which substantially reduces our exposure to this vulnerability.
What can you do?
You should always pay attention to cyber security and practice good password management and check with your device manufacturer to see if your devices are affected and if they will be issuing an update.
If you’re curious and would like to learn more about Heartbleed, check out the website set up by the researchers who discovered the issue.
You can also view the The Government of Canada’s information on the Heartbleed bug.
For further information, contact the ICT Help Desk.