Alert! New Internet threat — Heartbleed

Information Services would like to alert the WSU community to a new and serious flaw impacting some versions of OpenSSL, a common web site encryption software used by approximately two-thirds of the servers on the internet.

This OpenSSL flaw, known as Heartbleed, has the possibility of exposing the personal data of millions of users by allowing malicious parties access to the encryption keys to some of the web’s largest web services.  Please note that at this time there is no indication that any sensitive or confidential WSU information has been exposed or compromised.  WSU’s main web services were not exposed to or otherwise affected by this flaw.Information Services is monitoring the situation and continues to review WSU web services for potential vulnerabilities.

What’s important to know:

  • Most major web sites corrected this flaw on their systems within hours of its discovery.
  • It is possible that your passwords on many web sites could have been compromised before the flaw was corrected.  WSU Information Services recommends changing your passwords to web sites that you use, especially those the most sensitive sites such as online banking or shopping that could provide access to your financial account information.
  • WSU discourages using the same password for both your WSU accounts and non-WSU accounts.  If you are currently using the same password for WSU access as well as other accounts, IS strongly recommends changing your WSU password to a new, unique password.
  • Avoid online shopping for a few days, if you possibly can.
  • Be very suspicious of any emails asking you to change passwords.
  • Remember that legitimate college emails will never ask you to respond with sensitive information such as password, Social Security number, or bank account number.
  • Apply the latest security updates to your home and work computers, as well as to your mobile devices.

To learn more about Heartbleed check out these additional resources:

Krebs on Security

https://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/

The Chronicle of Higher Education

https://chronicle.com/blogs/wiredcampus/the-heartbleed-bug-and-how-internet-users-can-protect-themselves/51689

US-CERT

https://www.us-cert.gov/ncas/alerts/TA14-098A

For questions contact the Information Services Help Desk at 509-335-4357 or helpdesk@wsu.edu.

By Communications staff, Washington State University

The Notices and Announcements section is provided as a service to the WSU community for sharing events such as lectures, trainings, and other highly transactional types of information related to the university experience. Information provided and opinions expressed may not reflect the understanding or opinion of WSU. Accuracy of the information presented is the responsibility of those who submitted it. The self-uploaded posts are reviewed for compliance with state statutes and ethics guidelines but are not edited for spelling, grammar, or clarity.

Next Story

Recent News

Inside WSU’s student-run hackathons

Hackathons have become a defining space for student innovation, with two taking center stage this year.
By Sravanthi Yalamanchili, Voiland College of Engineering and Architecture

WSU recognized for support of first-generation students

The university’s elevation to FirstGen Forward Network Champion reflects growing enrollment, improved retention, and expanded support programs helping first-generation students succeed.
By RJ Wolcott, WSU News & Media Relations