Friday, April 11, 2014

Heartbleed Bug

The following is an update to the Manhattan College community regarding the recently discovered Heartbleed software bug -

ITS has been working with our software vendors to investigate our exposure to the recently identified Heartbleed bug that affects OpenSSL software - one of the most common cryptographic libraries used to secure Internet communications such as secure websites (via https://) and VPNs.

The majority of our "production" systems such as, Banner, self-service, SSO, Moodle, etc were never vulnerable to the flaw based on the version of software installed on these systems.  Some "test" systems with limited access were vulnerable, but patched by Tuesday AM.  Additionally, ITS is taking preventative measures to update software and configurations on all systems running OpenSSL cryptographic software as a precaution.

What do I need to do?  Be aware of scams!

In the coming days, you may be notified by various services related to your social media, banking, or other accounts potentially affected by the Heartbleed bug.  Take these notifications seriously and consider changing your password on these services.   Currently, no action is required for your JasperNet account.  If this changes, the campus community will be notified.

Be aware of scams!  With the legitimate notices will come "phishing" scams from illegitimate sources asking for your username, password and/or other personal information.  ALWAYS verify the legitimacy of these types of messages and NEVER give your password or personal information unless you are certain that you are dealing with a trusted service.  Tips on how to avoid phishing scams can be found here: