Delivering American University's news and views since 1925. | Thursday, October 18, 2018

OIT alerts AU community to "Heartbleed"

The Office of Information Technology alerted students and faculty about a serious internet security flaw in an email on Thursday.

The Office of Information Technology (OIT) notified the AU community on Thursday about a newly discovered security breach affecting several of the internet’s most popular websites.

The bug, codenamed “Heartbleed” by cybersecurity experts, refers to a serious flaw in OpenSSL, a widely used method of encryption meant to protect private data such as password and credit card information from hackers. Major internet security firms including Kaspersky Lab and Trend Micro warn that hackers aware of the flaw may have stolen that data during the more than two years it went undetected.

Several major websites use OpenSSL, including Pinterest, Tumblr and Google services.

The sites have taken steps to seal the security vulnerability but suggest that their users change their passwords as a precaution, according to statements released by each company.

OIT has already taken steps to fix the security hole caused by OpenSSL in AU’s systems, according to an email sent out to AU’s community on Thursday evening.

“We were fortunate to have few that were vulnerable,” the statement said, though it noted that it had repaired a vulnerability in AU’s VPN service related to OpenSSL.

OIT notes that Gmail, used to host AU student email, could potentially have been affected by Heartbleed. Google has since taken steps to correct the issue.

“Since our students use AU-sponsored Gmail accounts,” OIT said in the email, “we verified that Google had already patched their vulnerable services.”

OIT recommends that students using AU-sponsored or personal Gmail accounts change their passwords. Students who use the same password for their AU account as they do on other sites should change their AU password as soon as possible to prevent “exposing AU systems to criminals.”

An article by Mashable lists affected websites and whether it is necessary for their users to change their passwords. Another website, heartbleed.com, has been set up for those seeking more technical information explaining the Heartbleed bug and how internet users can defend themselves against it.

aalvarez@theeagleonline.com

