department menu

Heartbleed: The Latest Security Threat

InfoSec Newsletter             July 30th, 2014

Heartbleed: The latest Security Threat

By Chelsie Power

You may have heard of something called “Heartbleed” in the news over the past several months. What is it? Hearbleed is a security vulnerability or “bug” that was discovered in the OpenSSL cryptography library that allows more data to be read in clear, unencrypted text than should be allowed. In other words, this bug makes it easy for passwords and other confidential or sensitive data to potentially be accessed. Around 17% of the internet’s secure web servers were believed to be vulnerable to attack at the time of disclosure.

How does it affect you?

Many institutions, including CSUSM, manage websites that use OpenSSL technology. This bug could have potentially allowed hackers to access usernames, passwords, session cookies and server private keys. This vulnerability highlights why it is very important to change your password once every 3 months, A strong password is at least eight characters long, uses a combination of letters, numbers, capitalizations and non-dictionary words, and is significantly different from previous passwords.

What we are doing to protect?

IITS immediately responded to the threat by first assessing the situation and then determining which systems were vulnerable as only specific versions of OpenSSL contained the bug. The affected systems were patched and updated to a safe version of of OpenSSL, followed by a replacement of their SSL Certificates.

More information:


Everything You Need to Know About Heartbleed

OpenSSL Advisory

Wiki Article on Heartbleed

The ‘Heartbleed’ Bug and How Internet Users Can Protect Themselves