The Heartbleed Bug
On April 7, 2014 researchers uncovered a serious vulnerability in widely used OpenSSL encryption software. OpenSSL encryption software provides communications security and privacy over the Internet for applications such as web, email, instant messages and virtual private networks (VPN).
What does this mean?
“The Heartbleed bug compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
- Systems Affected
- Web Servers
- Email Servers
- Instant Messaging Servers
- Scanned all Brookdale systems
- Applied patches to any systems found vulnerable
- Reviewing vulnerability reports from our system manufacturers
What should I do?
- OIT is NOT asking you to change your password at this time
- Check your banking website for information regarding the steps they have taken to secure their servers. You may be prompted to change your password
- Cautiously evaluate any emails requesting you to change your passwords. If you receive emails asking you to change passwords, DO NOT CLICK ON PROVIDED LINKS. Instead, navigate to your provider directly and use the password reset option.
- Apply the latest security updates to your home computers, as well as, the OS on your mobile devices.
- Update your web browsers.
- Clear out your Web browser’s cache. Refer to the OIT FAQs (support page Web Browsers tab)
- Protect yourself by using a different password for your social media websites, your banking websites, and your Brookdale accounts.
Additional Resources and Information:
If you have any questions or require assistance, please contact the OIT Help Desk at extension 2829 or via email at firstname.lastname@example.org.