OIT Tech 32px
Mar. 28 maintenance will affect most major online systems, including VoIP phones
10 digit dialing for 740 area code takes effect Mar. 21
Catmail tip: Finding folders in OWA
Blackboard upgrade: 2015 preview server now availalbe
Watch out for scams in wake of Anthem breach
Email upgrade: Second round of Catmail preview sessions week of Feb. 9
Tech Ability proposal template
Tech Ability conference solicits proposals on accessibility and IT
What's in a survey? Qualtrics contest offers $10K to find out.
Email upgrade: What mobile device users need to know

Heartbleed: What you need to know about the Internet security bug

Thursday, April 10, 2014
Sean O'Malley  

Digital snooping visual metaphorThis story was edited at 11:30 am on April 11, 2014.

The recently disclosed Internet security vulnerability nicknamed "Heartbleed" is causing heartburn for Internet users around the world - for good reason. 

Dubbed by some as the "worst Internet bug ever," the OpenSSL vulnerability makes it possible for hackers to decipher information sent over encrypted connections and to read data from the memory of vulnerable systems.

In plain English, hackers can use this bug to steal passwords and snoop on online transactions.

Ohio University's response

Upon learning of the vulnerability, OIT's Information Security office began scanning the university network to identify vulnerable systems. Those systems then were either patched or, if a patch was not yet available, taken offline to prevent anyone from exploiting the vulnerability. Much of this work took place behind the scenes with little noticeable impact. 

The university's SSL VPN and guest wireless network both were taken offline until their vendors could supply an appropriate security patch. The VPN came back online at 11:40 am on April 9. The guest wireless network was re-enabled at 4:00 am on Friday, April 11.

What you should do

Although OIT has no direct evidence of this bug being exploited at Ohio University, you should take the following steps to protect your university account:

  1. If you have used either the SSL VPN or Ohio University Guest wireless network, then you should change your password.
  2. Do not reuse your OHIO password for any non-university site or service. If you currently are doing this, then you should change your OHIO password immediately.
  3. Phishing attacks are likely to increase in the coming weeks, as scammers take advantage of widespread password change recommendations. Do not respond to unsolicited emails asking you to click a link to update your password or activate/verify your account.

When changing your OHIO password, don't forget to update the stored email and WiFi passwords on your mobile devices, otherwise your account could become locked for a short period of time.

If you have any questions, contact the OIT Service Desk at 740-593-1222.

Related Links

CNN article about Heartbleed 
NPR blog post about Heartbleed
List of affected providers (compiled by mashable.com)