Wilfrid Laurier University Information and Communication Technologies
October 30, 2014

ICT Support: Employee Service Desk

Heartbleed and Laurier

Information and Communication Technologies

Apr 10/14

Contact:

Employee Service Desk x4357

Heartbleed and Laurier: servers not affected; preventative fix installed April 9

Ken Boyd and Carl Langford

April 10, 2014

What is Heartbleed?

Heartbleed is an Internet security flaw: a vulnerability in OpenSSL, a set of open-source security libraries that companies use to encrypt their websites. Over half of all secure sites (the ones that show as https:) use OpenSSL. The vulnerability, if exploited, would enable someone to see your password on a given site and thus compromise whatever information you have stored or can access on that site.

Laurier's Systems

ITS became aware of this vulnerability late last week and worked with our firewall vendor to ensure Heartbleed was prevented from coming onto our campuses. The vendors have provided us with a preventative fix, which was implemented April 9. ITS servers do not use versions of OpenSSL that are affected, but our fix will prevent any pass-through traffic as a result of other systems being compromised. There are some servers at Laurier that are not under ITS control. We are testing them right now. If they are vulnerable, they will be taken offline until a fix can be implemented.

Heartbleed and You

Although there is no evidence as yet, it is possible that hackers may have infiltrated your accounts. There are some steps you can take to protect yourself. These are good practices you should always follow to protect yourself and your information.

1) Check your accounts for any strange activity or transfers. Contact your financial institutions immediately if you see any unusual activity on your accounts.

2) Here is a list of 10,000+ websites that have been scanned for the Heartbleed vulnerability: https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

Press Ctrl-F and type in the name of the website you want to check. This list is sorted with the vulnerable sites at the top of the list.

3) Change your passwords frequently, especially any passwords that access your financial information. Change your passwords at least every 6 months; changing every 2 months is preferred. Never reuse a password, and don't just add an incremental number at the end of an old password.

4) Use strong passwords. Strong passwords include upper and lower case letters, numbers and special characters (!@#$, etc.).

a. Here is an example:

i. Weak: password

ii. Stronger: wrdpas$

iii. Strongest: W5dP@$$

5) Be aware of any phishing attempts. We have seen a number of phishing attempts over the last few years. Fortunately, we are blessed with a well-informed community who are savvy to this kind of activity. We are not aware of any successful attempts and, with your continued help, none will be successful in the future.
