There has been a lot written lately about the Heartbleed password security issues. Below is an overview about the issue and what GCC computer services staff has done and will do. If you suspect that you have a work-related Heartbleed issue please contact the help desk at Helpdesk@genesee.edu or 1 866 614-5004.
What’s all this about Heartbleed?
On April 7, researchers found a flaw in one of the tools used to secure internet traffic. That tool, called OpenSSL, is responsible for providing security on the internet. The bug allows an attacker to capture usernames, passwords, and pretty much any other information.
Why does this matter?
Much of the internet relies on OpenSSL to protect secure traffic. At least 500,000 servers world-wide appear to be affected by the bug, and some personal computers and mobile devices are also affected. Until the bulk of affected computers are fixed, or “patched,” any secure site on the internet is potentially dangerous to visit.
What is GCC doing?
GCC has updated our wireless software and we are reviewing all fileservers for vulnerabilities. When necessary, security patches will be (or have been) applied. We will continue to monitor the situation going forward.
What should I do?
First off, don’t panic. While this is a serious vulnerability, Computer Services, as well as folks around the world, are working to reduce the risk. Nevertheless, there are some things you can do while the world catches up:
- Avoid online banking and shopping for a few days, if you possibly can.
- Don’t change your online banking password until your bank tells you that it’s OK; otherwise, you may just be giving attackers your new password.
- Be very suspicious of any emails asking you to change passwords.
- Remember that legitimate GCC emails will never ask you to respond with sensitive information such as password, SSN, or bank account number.
- Apply the latest security updates to your home and work computers, as well as to your mobile devices.
For more information, NPR’s Marketplace story is a great place to start, and Mashable and CNet.com have provided lists of sites that have been affected. CNet.com also provided information on more recent activity.