Heartbleed Information for Students and Staff

Heartbleed Information for Students and Staff

17 Apr 14

On April 7th, 2014 a vulnerability named Heartbleed was disclosed that affected OpenSSL, a software library that is used by many public and private websites to secure communication between you and the site's servers.

LBCC information Services reports that none of our LBCC hosted web sites use the vulnerable versions of the OpenSSL library so no information has been leaked.

We are not requiring a change of passwords on LBCC hosted web sites at this time. However we will continue to monitor the fallout from this exploit on various computer security blogs and if anything changes we will let you know what to do via email and web postings.

We have tested our Linn-Benton Community College owned web sites along with many other sites that students or staff use and, to this point, we have not found any of them to be vulnerable to the Heartbleed exploit.

However, our hosted Google Apps sites were vulnerable but Google patched their systems early and changed their SSL certificates so they do not believe any user data was compromised. We still recommend changing your Google Apps password just to be safe.

What we recommend you do now:

Change your Google Apps password.

Please see our web site for information about Heartbleed and instructions on changing your Google Apps password. (http://linnbenton.edu/heartbleed-information) WebRunner passwords and data were not vulnerable but if you still want to change your WebRunner password go the WebRunner login page (https://sis.linnbenton.edu/sis/prod/twbkwbis.P_WWWLogin)

If you decide to change your passwords on any other sites you may be using at LBCC or elsewhere we would like to remind you to use secure passwords following best practices such as:
    •    Use a unique password for each site or service
    •    Use a password that is greater than eight characters and difficult to guess. Longer passwords are better than shorter ones.
    •    Mix letters, numbers and symbols for the best combination
    •    Change your passwords regularly

For more details about this issue please visit the LBCC Heartbleed information page (http://linnbenton.edu/heartbleed-information) or see the excellent information at the site http://heartbleed.com. Also if you have a question about a particular LBCC site regarding this vulnerability please call the Information Services Department at 541-917-4353.