InfoSec Newsletter - July 30th, 2014
By Chelsie Power
You may have heard of something called “Heartbleed” in the news over the past several months. What is it? Heartbleed is a security vulnerability or “bug” that was discovered in the OpenSSL cryptography library that allows more data to be read in clear, unencrypted text than should be allowed. In other words, this bug makes it easy for passwords and other confidential or sensitive data to potentially be accessed. Around 17% of the internet’s secure web servers were believed to be vulnerable to attack at the time of disclosure.
Many institutions, including CSUSM, manage websites that use OpenSSL technology. This bug could have potentially allowed hackers to access usernames, passwords, session cookies and server private keys. This vulnerability highlights why it is very important to change your password once every 3 months. A strong password is at least eight characters long, uses a combination of letters, numbers, capitalizations and non-dictionary words, and is significantly different from previous passwords.
IITS immediately responded to the threat by first assessing the situation and then determining which systems were vulnerable, as only specific versions of OpenSSL contained the bug. The affected systems were patched and updated to a safe version of OpenSSL, followed by a replacement of their SSL Certificates.