Emory has the necessary safeguards in place to block attempted exploits of the nationwide Heartbleed Bug, a weakness in the cryptographic software that protects usernames and passwords, according to an April 14 information security email sent to all students.
The bug is a serious vulnerability because it allows for unauthorized users to gain access to sensitive data, including user login information and passwords, according to the email. The bug specifically affects OpenSSL, a security component used on many platforms and websites. Specifically, Emory OpenSSL is a component to a system that ensures the safety of usernames and passwords.
According to the email, the bug was announced on Monday, April 7 and a fixed version of OpenSSL was released at the same time. Organizations worldwide have changed their software to accommodate the loophole.
On Tuesday, Emory had all the necessary protocols in place to alert Emory systems of attempts to compromise Emory’s network. Since then, no known attempts have been made to gain access into the network infrastructure.
By Wednesday, Emory had “preventative safeguards” in place to block attempts to compromise Emory’s systems, according to the April 14 information security email.
Derek Spransy, senior information security specialist, wrote in an email to the Wheel that he could not share any additional details beyond what was said in the email sent to community members. He added that the community will be alerted via email if there are additional updates.
According to the email, Emory Information Security is focusing on some systems at a higher risk in an ongoing effort to reduce any potential vulnerability. The email also states that it is important that Emory community members protect themselves from the vulnerability.
Some of the actions the email suggests to take are to change passwords logged into since April 7 and to change passwords again in three to four weeks. The email also stated that it is important to make sure all operating systems, browsers and other applications are up to date to ensure that personal computers are protected.
It is not necessary to change Emory passwords, according to the email. Emory Information Security will be continuing to evaluate the community’s exposure to the issue and ensures that the community will be aware if further action needs to be taken.
– By Brandon Fuhr