ALERT: Internet "Heartbleed" Security Problem - IITS Password Change Request

You have likely been reading about the “Heartbleed” security problem that affects most of the Internet. Our campus was fortunate to have few systems which were vulnerable, and all have been fixed.
 
That said, because of the length of time that this vulnerability may have existed (some experts claim that it may have been up to two years), IITS urges you to change your campus password by going to www.csusm.edu and typing “password” in the search box. The search results will take you to the password change page. 

Additionally, we strongly suggest that over the next few days you change the other passwords you use on the internet. You’ll need to keep an eye out for phishing messages as criminals try to take advantage of this situation. It is strongly recommended that you take the extra step to go to a company’s website and find the “change password” page rather than clicking on links you get via email.

Interested in knowing more about this “Heartbleed” problem? A vulnerability in the software library that encrypts web traffic made it possible for someone to access the session information stored on the server. This information can include your username and password; but, even worse, it could allow someone to capture the encryption keys which are used to identify a server and encrypt the traffic. This would allow someone to perform a "Man in the Middle" attack and represent themselves as a server, capturing all the traffic.
 
There are many good explanations online, including this article from NPR.org.

Teresa Macklin
Information Security/Enterprise Systems
Instructional and Information Technology Services