Penn State responds to Heartbleed Bug

Widespread security efforts help protect student, faculty and staff information

A recent vulnerability in a popular website security tool has impacted Internet users throughout the world and could leave Penn State student, faculty and staff information exposed. Called the Heartbleed Bug, this Internet-wide vulnerability allows attackers to bypass the protection provided by OpenSSL, the encryption software most websites use to keep information safe. The Heartbleed Bug permits attackers to sidestep website encryption and gain access to information that may include passwords, credit card information and other personal data.

Penn State’s Information Technology Leadership Council (ITLC) and Information Technology staff across the University are supporting Security Operations and Services in its effort to scan the University network to identify and mitigate vulnerable OpenSSL instances and active exploits.

Penn State users are strongly encouraged to watch for notifications from password-protected Web services such as financial institutions and email providers. These services may ask for or require a password change if an exploit has been detected.

Area network administrators at the University are being given information to fix the Heartbleed Bug vulnerability and encouraged to replace website security credentials. The replacement of credentials will be required if there is evidence of any exploit.

Penn State is assessing the extent of any possible damage from the Heartbleed Bug and will provide Penn State users with updates and recommendations as they become available.

For the most current information about the Heartbleed Bug and Penn State, visit http://sos.its.psu.edu/2014/04/the-heartbleed-bug.html.

Contact the IT Service Desk at 814-865-4357 or itservicedesk@psu.edu with any questions.

Last Updated April 10, 2014