PULLMAN, Wash. – Information Services is alerting the Washington State University community to a new and serious flaw affecting some versions of OpenSSL, a common website encryption software used by approximately two-thirds of the servers on the Internet.
At this time there is no indication that any sensitive or confidential WSU information has been compromised. WSU’s main Web services were not exposed to or otherwise affected by the flaw.
Known as Heartbleed, the flaw has the potential of exposing the personal data of millions of users by allowing malicious parties access to encryption keys to some of the largest Web services.
Information Services is monitoring the situation and continues to review WSU Web services for potential vulnerabilities.
What’s important to know:
• Most major websites corrected this flaw on their systems within hours of its discovery.
• It is possible that your passwords on websites could have been compromised before the flaw was corrected. WSU Information Services recommends changing your passwords, especially those on the most sensitive sites such as online banking or shopping with financial account information.
• WSU discourages using the same password for both your WSU accounts and non-WSU accounts. If you are doing so, it is strongly recommended that you change your WSU password.
• Avoid online shopping for a few days if you can.
• Be very suspicious of any emails asking you to change passwords.
• Remember that legitimate college emails will never ask you to respond with sensitive information such as password, Social Security number or bank account number.
• Apply the latest security updates to your home and work computers as well as to your mobile devices.
To learn more about Heartbleed check out these resources:
The Chronicle of Higher Education
Contact the WSU Information Services Help Desk at 509-335-4357 or helpdesk@wsu.edu with questions.