黄色直播

 

Heartbleed and you

- April 11, 2014

.
.

You鈥檝e no doubt heard of 鈥淗eartbleed鈥 by now 鈥 the computer systems vulnerability that has generated international headlines this week.

The vulnerability has seriously impacted many of the world鈥檚 webservers. It affects certain versions of a webserver component for servers prefixed with the familiar 鈥渉ttps鈥 URL.

黄色直播 has many https servers, and there are many more that our community accesses outside the university.

So how does this affect the university community?

John Bullock, Dal鈥檚 information security manager, explains that Information Technology Services (ITS) moved quickly to address any potential vulnerability on Dal鈥檚 servers.

鈥淭he majority of ITS-managed servers were either never vulnerable or were patched within a few hours of the issue coming to light,鈥 he explains. 鈥淥n Wednesday afternoon we added network protection to guard the remaining servers until they can be patched.鈥

ITS is currently working to identify persons responsible for non-ITS servers on campus so they can be patched shortly. Blackboard (ie. Owl) was never vulnerable to Heartbleed.

Should you change your password?


While Bullock describes the risk as 鈥渓ow to medium,鈥 and there is no evidence that any given system has been compromised, it is entirely possible that passwords could have been discovered from any service (Dal or otherwise) that was vulnerable.

  • If you are at all concerned, you can change your NetID password at (That site was patched prior to noon on Tuesday. If you changed your password since then, you are already covered.)
  • ITS advises faculty and administrative staff to change their Dal password. The more sensitive the data you have access to, the more important it is to play it safe.
  • You should change your passwords for other non-Dal services (email, banking, social media sites) once you know they have been successfully patched.

For more on Heartbleed, .