The majority of Vanderbilt systems have not been affected by “Heartbleed,” the Internet security flaw discovered last week. VUIT is continuing to conduct a detailed assessment of Vanderbilt sites and systems and is applying necessary fixes to impacted sites and services. Because of the nature of the flaw, it must be identified and addressed in each individual application.
The Heartbleed flaw is believed to have affected more than a third of Web servers worldwide through OpenSSL, a widely used technology for securing Web communications. Cybercriminals can exploit the flaw to access an individual’s personal information when that information is shared with affected websites or online applications, and data that has been recently accessed is most easily compromised. Please be mindful of this vulnerability as you conduct personal and Vanderbilt business online. If you log into third-party Web application portals to conduct Vanderbilt business, please check with your vendor to see if they are vulnerable to the flaw.
If you manage a server or service and need assistance determining if it is affected, or need assistance addressing the problem, submit a ticket to the VUIT Help Desk and request that the ticket be sent to Security Operations – Incident Response.
The Internet sites listed below have fixed the security problem. If you use any of them, you should consider changing your password.
- Tumblr
- Yahoo
- Gmail (Google)
- Yahoo Mail (Yahoo)
- Amazon Web Services
- Go Daddy
- Dropbox
- Intuit (TurboTax)
- USAA
- Box
- Minecraft
- Soundcloud
- Wunderlist
Read more here for additional comments disclosed by each company.