Information Technology

OpenSSL and Heartbleed

In the past few days, another Internet security story has made the headlines.  This new threat, referred to as "Heartbleed," exploits a vulnerability on secure (https) websites that use OpenSSL.  

The following site may be helpful in telling you which passwords you need to change right now, such as FaceBook, Tumblr, Gmail, etc.: 

Fortunately, only a dozen or so systems at Amherst were subject to this vulnerability and our systems were patched by noon on Tuesday, April 8. Our concern for Amherst usernames and passwords is very low.

For non-Amherst IT services that you use (including social media sites, online banking, shopping sites, and so forth) we recommend that you change passwords and monitor your sensitive online accounts (banking, email) for any suspicious activity. As always, we recommend that you not use the same password across multiple systems.

Please be on your guard as this may lead to a deluge of phishing attempts with links requesting that you change your password.

If you would like more information, NPR has a good explanation of this issue:

Gayle Barton
Chief Information Officer