News‎ > ‎

Campus and SSG assess 'Heartbleed' Internet security risk - What should I do?

posted Apr 10, 2014, 1:04 PM by Ken Gribble   [ updated Apr 15, 2014, 3:11 PM ]

Information and Educational Technology is distributing a message yesterday in response to the "Heartbleed" Internet hack. Note that Campus is "
not requiring campus users to change their campus Kerberos passphrase". Campus has changed their position on this and advises changing your Kerberos passphrase.

Other websites are suggesting passphrase changes, see below.

In response to this issue, the CS Systems Support Group (SSG) has performed network scans on all CS and IDAV networks and have contacted those people with systems that are vulnerable to this risk.


What Should I do?
Experts are advising to change any passphrase on a site that was vulnerable, after they patch for the issue. If you used a passphrase on multiple sites, and one was vulnerable, change all of those website passphrases as well. While you are doing that, remember, it's best to make a unique passphrase for every site. More information on passphrases.

Places that have reported patching and are advising passphrase changes

These websites are reporting they had the Heartbleed vulnerability, and it is now patched. It is suggested you change your passphrase on these sites now. For other websites, check the Websites Reporting on Heartbleed Patching, below.

Google
Facebook
YouTube
Yahoo!
Wikipedia
Bing
Pinterest
Blogspot
Live
Instagram
Tumblr
Reddit
MSN
Netflix
Microsoft
Flickr
Blogger
Googleusercontent.com
Feedbin
Pinboard
GetPocket
IFTTT
Amazon Web Services (for website operators only, Amazon.com was not affected)
GoDaddy
Intuit
Dropbox
Minecraft
OKCupid
SoundCloud
Wunderlist


Websites Reporting on Heartbleed patching


Comments