Information Security Alert: Heartbleed bug
A major worldwide vulnerability has been discovered that may affect two-thirds of the websites on the Internet.
There is a flaw in versions of OpenSSL that allows access to information that would normally be protected through secure connections. The “Heartbleed bug” allows anyone on the Internet access to see what’s in the memory of systems protected by Open SSL, leaving no evidence that they’ve done so. Approximately two-thirds of all websites are affected. Researchers reported the bug on April 7, but the vulnerability has existed since 2011. Note that this is not a breach of a password database. Website owners and vendors worldwide are in the process of updating/patching the servers hosting these websites.
RIT has successfully secured the vast majority of our computing infrastructure with patches and other mitigations. Some lower profile services have been taken offline until patches are released and mitigations applied. This is a necessary step to protect RIT.
RIT continues to work with vendors to implement patches and other mitigations.
The RIT Information Security Office continues to conduct vulnerability scanning of the RIT network until all vulnerabilities have been addressed.
For RIT passwords, please change your passwords. Given the scale of this vulnerability, there is concern that passwords may be at risk. For personal passwords, we recommend that you change your passwords. Priority should be given to sites accessing private information, financial accounts and email. Note that if the website is still vulnerable, you may need to change your password again after the site is patched.
Stop using the same password for multiple sites. Create a new unique password for each site.
Be alert for phishing attempts leveraging the publicity around the OpenSSL bug.
For more information:
Heartbleed: What You Should Know (The Washington Post)
Half a million widely trusted websites are vulnerable to Heartbleed bug (Netcraft)
How to Protect Yourself From the Heartbleed Bug (Mashable)
LastPass Heartbleed checker (Note: This allows you to put in a website address to determine if it’s been fixed.)
Recommended News
-
April 27, 2024
!['crowd of people walking along the quarter mile during Imagine RIT']()
Innovation meets creativity at Imagine RIT
Artificial intelligence, robots, glass blowing, virtual reality, and performing arts were just a sampling of what thousands of visitors experienced at the 2024 Imagine RIT: Creativity and Innovation Festival on April 27.
-
April 27, 2024
!['5 people are shown on a stage, sitting in gray chairs. The speaker on the far left is holding a microphone speaking to the others. A poster that says Futurists Symposium is shown behind them.']()
University’s ‘futurists’ encourage audience to embrace curiosity during Imagine RIT symposium
Be curious because what if, said RIT alumnus Bob Morrealle, who shared stories of discovery, hope, and confidence during his presentation at the Futurists Symposium, a collection of alumni and faculty offering an insider’s look into the future of technology, the arts, and design. The symposium, held April 26 in the Wegmans Theater, MAGIC Spell Studios, was the official kickoff to Imagine RIT: Creativity and Innovation Festival.
-
April 26, 2024
![Molly HIll is shown sitting on a directors style chair in jeans and a light brown suit jacket.]()
Color Chat: Disney’s Image and Color Engineer Molly Hill
postPerspective talks to Molly Hill '18 (motion picture science), '18 (film and animation), about her experience working as a senior image and color engineer at The Walt Disney Studios.
-
April 26, 2024
![a news reporter sits on an R I T clean snowmobile that is on display at Imagine R I T.]()
Showcasing creativity and innovation at Imagine RIT
13WHAM/Fox Rochester previews Imagine RIT in eight segments.
