Kenneth Stafford, Chief Information Officer
The Heartbleed vulnerability is all over the news. This vulnerability impacts websites and some devices offering SSL “secure” links including those for purchasing, online banking, etc. SSL sites are identified with the lock image appearing in the lower corner of a website.
What does this vulnerability do?
It allows a hacker to retrieve the private information temporarily stored in memory during that session of an application.
Information Technology Services is conducting scans of the network to identify vulnerable sites and working with K-State’s system administrators to remediate the vulnerability.
What can you do?
- Check websites that you use to determine if an immediate password update is required. News and information will be posted on the sites that you frequent. Some recommendations for changing passwords are provided in: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected
- Use unique passwords for your online accounts (email, purchasing, banking, etc).
- Test the vulnerability of a site from https://www.ssllabs.com/ssltest by typing in the site’s URL.
- Beware of phishing scams that will use the Heartbleed vulnerability to find ways to steal your credentials.
To learn more visit: http://heartbleed.com
Information Technology Services will update the campus with more information as it becomes available.
