April 11, 2014
Heartbleed vulnerability security issue
Submitted by Ken Stafford, chief information officer
The Heartbleed vulnerability is all over the news. This vulnerability impacts websites and some devices offering SSL "secure" links, including those for purchasing, online banking, etc. SSL sites are identified with the lock image appearing in the lower corner of a website.
What does this vulnerability do?
It allows a hacker to retrieve the private information temporarily stored in memory during that session of an application.
Information Technology Services is conducting scans of the network to identify vulnerable sites and working with K-State's system administrators to remediate the vulnerability.
What should you do?
- Check sites you use to determine if an immediate password update is required. News and information will be posted on the sites that you frequent. Here are some recommendations for changing passwords.
- Use unique passwords for each of your online accounts (email, purchasing, banking, etc.).
- Test the vulnerability of a site from ssllabs.com/ssltest by typing in the URL of the site you're concerned about.
- Beware of phishing scams that will use the Heartbleed vulnerability to find ways to steal your credentials.
Learn more at heartbleed.com.
Vulnerability Note VU#720951 http://www.kb.cert.org/vuls/id/720951