
Information security alert on OpenSSL Heartbleed vulnerability


April 11, 2014

On Monday, April 7, a serious vulnerability was publicized for all systems that use OpenSSL software. OpenSSL is a common framework for authenticating users that is found on Windows, Mac, Linux and other platforms. The ASU technical community has been advised to identify and patch such systems immediately, and to bring vulnerable systems down while remediation of ASU systems is in progress.


With this widespread vulnerability, it is quite likely that many compromised systems exist across the Internet. As with all situations involving potentially compromised systems, it is an effective security practice to reset your account credentials (ID/password) if you believe there is a possibility that you may have logged into a compromised system. This will help ensure that, if your credentials were compromised, an outside entity will no longer have a valid password for your account. It is important that your ASURITE account credentials are unique, updated regularly and not used for systems external to ASU.


For external systems that have been identified as vulnerable, ASU advises changing your credentials once the system has been fixed. For more info, including the long list of affected systems and those that are now reportedly fixed (Yahoo, Tumblr, Dropbox, Netflix, etc.), see https://lastpass.com/heartbleed/.


Please review these important information security tips: https://getprotected.asu.edu/content/security-tips.


For more details about the vulnerability, visit http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/.


For some security tips specific to this vulnerability, visit https://getprotected.asu.edu/content/openssl-heartbleed-general-user-tips.