Heartbleed Bug Status at the College of Charleston

What is the Heartbleed Bug?

On Monday April 7, 2014, security researchers discovered a flaw in one of the tools used to secure internet traffic. That tool, called OpenSSL, is responsible for providing security on the Internet. This vulnerability, named the Heartbleed bug, could allow attackers to steal usernames, passwords and other protected information from supposedly secure website servers.

Why does this matter?

Much of the internet relies on OpenSSL to protect secure traffic. At least 500,000 servers world-wide appear to be affected by the bug, and some personal computers and mobile devices are also affected. Until the bulk of affected computers are fixed, or “patched,” any secure site on the internet is potentially dangerous to visit.

What is the College of Charleston doing?

The College of Charleston does use OpenSSL and some systems may have been vulnerable to the Heartbleed bug. The Information Technology division has taken an aggressive approach to remediating this vulnerability, and has applied all appropriate patches to minimize the risk within College systems that may have been vulnerable. Further information will be published on the IT blog site at http://blogs.cofc.edu/it/.

What should I do?

There has been quite a bit of fear, uncertainty, and doubt cast upon this vulnerability by media outlets. While this is a serious vulnerability, security folks at CofC and around the world are working around the clock to reduce the risk. Nevertheless, there are some things you can do to minimize the risk:

  • Check critical websites (bank, credit card, email provider, etc.) for a statement about Heartbleed.
  • Closely monitor your online systems and accounts.
  • Avoid online banking and shopping for a few days, if you possibly can.
  • Don’t change your online banking password until your bank tells you that it’s OK; otherwise you may just be giving attackers your new password.
  • Be very suspicious of any emails asking you to change passwords.
  • Remember that legitimate CofC emails will never ask you to respond with sensitive information such as password, SSN, or bank account number.
  • Apply the latest security updates to your home and work computers, as well as to your mobile devices.
  • If in doubt, ask! Feel free to contact the IT Helpdesk at 843-953-3375 or Helpdesk@cofc.edu.

More details about the “Heartbleed” vulnerability can be found at the following links:

Information and data was provided by Information Technology and The College of Charleston, University of Southern California and Colorado State University.