April 11, 2014

Protect Yourself Against Heartbleed

Posted 4/11/2014

By Holly LaRose-Roenicke

As many of you may have heard, a flaw has been discovered in a common Internet security method. Although no specific security breaches have been identified, the flaw could allow malicious users to steal personal information. The flaw is associated with specific versions of OpenSSL, which is software that is widely used to secure web server traffic. The flaw is known as the "Heartbleed" vulnerability.

Many common websites using OpenSSL have been identified as vulnerable, including Yahoo!, Flickr, NASA and Facebook, among others. A fix for this flaw, which was announced this week, is available, and Internet service providers and website managers around the world are working to implement the patch.

What You Need to Do

ITS is strongly urging all SVSU students, staff and faculty to change your network password. To change your password, please go to my.svsu.edu and click on "changing your password" below the login box and follow the prompts to change your current password. 

Other Websites

  • For non-SVSU web services that contain sensitive data,  refrain from logging in for a few days while those are servers are patched or until you are certain they are not at risk. Or check a list of 100 most common websites and whether they have been fixed.
  • Confirm that websites you use have checked their systems and fixed them if needed. Once a website has patched the Heartbleed vulnerability, you should change your password for that site as swiftly as possible.
    • The password security firm LastPass has set up a Heartbleed Checker, which allows you to enter the URL of any website to check its vulnerability to the bug and whether the site has issued a patch.
  • If the site or service hasn't patched the flaw yet, contact the company and ask when it expects to push out a fix to deal with Heartbleed.
  • If they have not patched the flaw, avoid logging in to their service until they do. Once they confirm they have fixed the problem, then change your password.

To get detailed information on this bug, you can visit the http://heartbleed.com/ website.

The safety and security of the Saginaw Valley community is paramount – please use the above resources to ensure your personal information is protected.