April 10, 2014

Patches, password changes thwart Heartbleed bug

A security issue (denoted the ‘Heartbleed bug’) has been identified that affects some University of Lethbridge systems. This issue is serious and compromises a core encryption technology designed to keep your information safe as it crosses the internet. Most often you would see this technology in use when you visit sites that begin with https.heartbleed-bug

A small number of University machines are affected by this issue, most of which are not accessible from the internet.  The two systems representing the greatest risk are the student email system and the mailman (mailing list) administration console.  These systems were fixed on April 9th  and we have no evidence to indicate they were targeted in any attacks.  As a precaution, students and mailing list administrators who are concerned can change their password if they desire.

ITS is working with faculties, departments, and business units to fix the remaining systems.  System Administrators concerned with the integrity of effected systems are encouraged to change administrative/root passwords.  Users inquiring about the integrity of their accounts are advised that changing one’s password is always the best policy.  Instructions to change University of Lethbridge passwords may be found here: https://www.uleth.ca/webtools/account_tools/pswdchng

For more information about the bug go to: http://heartbleed.com/

Technical support personnel outside of ITS are encouraged to contact the Solutions Centre at help@uleth.ca for further information.

Users with questions or concerns can also contact the Solutions Centre at 2490 or help@uleth.ca