What is the Heartbleed Bug?
On Monday, April 7, 2014, a flaw in certain versions of the OpenSSL framework, which is commonly used to secure Internet traffic, was publicly disclosed. This bug might have impacted as many as 2/3 of companies. The vulnerability, nicknamed the Heartbleed bug, has the potential to compromise computing resources and allow attackers to steal usernames, passwords and other protected information from resources previously thought to be secure. Heartbleed is a severe security issue that the Internet community is taking seriously. More information about the bug can be found at http://heartbleed.com
Why does this matter and how might I be affected?
Scope and ease of attack. Much of the Internet relies on the OpenSSL framework to communicate securely. Some estimate that at least 500,000 servers worldwide might be affected. Until the bulk of affected computing resources are updated with newer software, you should assume that any previously secured site on the Internet is dangerous to visit. Pay particular attention to sites that deliver secure, protected or personal information, as well as any site requiring a login.
How has Clemson been addressing this issue? Are we safe from it?
Clemson University uses the OpenSSL framework, and we have identified those systems suspected to be vulnerable to the Heartbleed bug. CCIT took an immediate and proactive approach to identifying our exposure and remediating this vulnerability in our centrally managed systems. Prior to the discovery of this bug and our remediation response to secure our systems from it, we already leveraged other mitigating controls to help provide security.
Do I need to do anything?
The national exposure that this vulnerability has generated increases uncertainty about the security of our systems. While this is a serious vulnerability, operations, network and information security teams at Clemson University and around the world have been working around the clock to minimize exposure to this vulnerability. While we feel that you have been and are safe using computing resources centrally managed by CCIT, here are some helpful tips.