On April 7, a major security flaw to parts of the Internet was discovered. This flaw is known as “Heartbleed” and is believed to affect more than a third of Web servers worldwide. The flaw exists in OpenSSL, which is a widely used technology used to secure Web communications. The flaw can be exploited by cybercriminals to access an individual’s personal information when that information is shared with affected websites or online applications.
VUIT has determined that the majority of Vanderbilt systems are not affected by this flaw and is conducting a detailed assessment of those Vanderbilt sites and systems that might be affected now. Because of the nature of the flaw, it must be identified and addressed in each individual application. System administrators across the institution are working now to apply necessary fixes to impacted sites and services.
If you manage a server or service and need assistance determining if it is affected, or need assistance addressing the problem, submit a ticket to the VUIT Help Desk and request that the ticket be sent to Security Operations – Incident Response.
Recently accessed data is most easily compromised. Members of the Vanderbilt community should be mindful of this vulnerability as they conduct personal business online over the course of coming days, and are advised to avoid logging into any unnecessary services on the Internet, unless the owners of that service announce that their systems have been updated.