Important New Web (OpenSSL) Vulnerability

A vulnerability has been discovered in the OpenSSL cryptographic library. This vulnerability, also known as the “Heartbleed Bug,” allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. This issue should be considered extremely critical due to its impact, long exposure, ease of exploitation, the absence of application logs indicating an exploit attempt, and the widespread availability of exploit code.

What URI is Doing

Information Security is currently analyzing URI’s exposure to this vulnerability and will be reaching out to the groups responsible for any affected systems.

What You Should Do

First of all, don’t panic. Not all systems use OpenSSL, some that do are not vulnerable, and many websites are already installing patches on their systems.

If you are an administrator of any system, you should immediately upgrade your system to the latest version of OpenSSL. For more guidance, URI system administrators can contact the Information Security Office at security@uri.edu. Administrators of systems outside of URI (e.g., cloud services) should contact the service provider.

For users of non-URI systems

If you do not know if the server you are connecting to has been patched, the most prudent thing to do is refrain from logging into non-URI sites that contain sensitive data for a few days while those non-URI servers are patched. If there is no information from the system owners after that time, you should contact the site to confirm that the patch is in place.

For your personal online safety:

Recent newsworthy, worldwide events have always been accompanied by substantial increases in fraud related to such news. Watch for fraudulent email claiming to be from URI or from companies with which you do business, as criminals will try to take this opportunity to create targeted phishing email messages to trick people into divulging their passwords. Be watchful for sites that try to tell you that your site or your information has been compromised, especially if they demand personal details, usernames and passwords, or payment.

For your personal online safety, the easiest thing you can do is to change your passwords for critical sites like banking and email. Be sure to use complex passwords that are difficult for anyone to predict. See http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords