Tuesday, May 27, 2014

SSL Bug Threatens Internet Security

OpenSSL is a security protocol used on secure websites to encrypt data being shared between a computer and servers. You will recognize a server using a secure protocol by the "s" in https://.   Unfortunately, hackers have figured out how to take advantage of this flaw and used it to collect information stored in the servers memory during the time of the secure transaction. You can read more about "Heartbleed", here.

We have taken steps to secure D219 servers. We are blocking the exploit at the firewall and patching the affected servers, Drupal and Moodle. Also, between 12:30 and 1:30PM today, 4/9/14 the Destiny, Efinance and, Eduphria servers may not be able to accessible during the update. Google has already taken action to secure their servers as they were one of the companies to discover the problem

So, what does this mean to you?  There is a good chance that you have used a vulnerable server, recently and a chance (un-determinable) that personal information may have been stolen.  Again, it is a good time to change passwords following some of the tips and directions from a previous post.

Here is a list of sites affected by Heartbleed.

  

No comments:

Post a Comment