As of Tuesday, April 8, the Office of Information Technology (OIT) has patched all major Web services impacted by the “Heartbleed” bug and has notified campus systems administrators. This security flaw affects OpenSSL, a widely-used technology that encrypts data transferred online.
OIT staff are also updating all of the digital security certificates used to validate server traffic. After the security certificates are updated, all Unity account holders will be notified and encouraged to change their password. A separate notification regarding this will be forthcoming.
What should you do?
- See if there are sites you use that require an immediate password update by checking out http://mashable.com/2014/04/09/heartbleed-bug-websites-affected. Note: when you are notifed to change your Unity password, this will also update your Google Apps @ NC State password.
- Use unique passwords for each of your online accounts. If you have used the same password for multiple accounts, after you are certain the sites have been patched, change your passwords on those accounts to unique passwords.
It’s especially important to use separate passwords with accounts like email and online banking. If a criminal gains access to one account, all of them can be compromised. To keep track of your passwords, consider using a password manager such as KeePass, LastPass or 1Password. See http://en.wikipedia.org/wiki/Password_manager for more information about password managers.
- Test a site to see if it is still vulnerable by going to https://www.ssllabs.com/ssltest and typing in the site’s URL.
- Look out for phishing schemes that will likely play off of this bug. Do not click on suspicious or unknown links in email. Play it safe – type the link directly into your Web browser or navigate to it from a known safe website. For instance, to access the MyPack Portal, type in mypack.ncsu.edu or select it from the menu at the top of the ncsu.edu site.
If you have questions, please contact the NC State Help Desk at email@example.com or 919-515-HELP (4357).