shadow_tr
heartbleed icon

What is the Heartbleed Vulnerability?


Posted: 04/14/2014

The Heartbleed vulnerability affects sites that use the OpenSSL cryptographic software library. OpenSSL is used to encrypt web traffic, usernames, passwords, and content transmitted through secure webpages (pages that start with “https”). The Heartbleed bug allows attackers to read the memory of systems using the vulnerable versions of the OpenSSL software.

Successful attackers have the ability to listen in on communications, steal data directly from services and users, and impersonate services and users.

This exploit has been “in the wild “ since December 2011, but public evidence was made available as of Monday evening April 7, 2014 through an OpenSSL advisory.

Our Response
Technology Systems has responded by patching all major systems and critical services by upgrading to the latest version of OpenSSL. We will continue to scan Tulane systems for any exploitation of this vulnerability.

Should you change your Tulane password? Not necessary
Our earlier communications via social media advised users to change Tulane passwords as a safeguard. Now that we have more information, a password change is not necessary.

Contact us at security@tulane.edu if you have questions or need more detail.

For more info:
See Heartbleed.com for more details. If you want to test a particular site for vulnerability to Heartbleed go to http://filippo.io/Heartbleed/#ezionline.ezidebit.com.au

Technology Services, Tulane University, New Orleans, LA 70118 -- TSNOC: 1-866-276-1428 -- help@tulane.edu