SPAM, Virus & Hoax Information

Information about the Heartbleed OpenSSL Exploit

On April 7th, 2014 a vulnerability named Heartbleed was disclosed that affected OpenSSL, a software library that is used by many public and private websites to secure communication between you and the site's servers.

What we know:

None of our LBCC hosted web sites use the vulnerable versions of the OpenSSL library so no information has been leaked.

We are not requiring a change of passwords on LBCC hosted web sites at this time. However we will continue to monitor the fallout from this exploit on various computer security blogs and if anything changes we will let you know what to do via email and web postings.

We have tested our Linn-Benton Community College owned web sites along with many other sites that students or staff use and, to this point, we have not found any of them to be vulnerable to the Heartbleed exploit.

However, our hosted Google Apps sites were vulnerable but Google patched their systems early and changed their SSL certificates so they do not believe any user data was compromised. We still recommend changing your Google Apps password just to be safe. WebRunner passwords and data were not vulnerable but if you still want to change your WebRunner password go the WebRunner login page.

Google issued a statement about their systems recently and this is from an abcnews.com article dated April, 9, 2014:

A Google spokesperson said in an emailed statement, "The security of our users' information is a top priority. We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

They later added to their statement saying that, "The security of our users' information is a top priority. We fixed this bug early and Google users do not need to change their passwords."

However in a different statement from the site mashable.com on April 9, 2014 they said that it would be a good idea to change your password.
“We have assessed the SSL vulnerability and applied patches to key Google services.”
 
*Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.
 
What we recommend you do:

LBCC Information Services recommends that you change your Google Apps account password, just to be safe, by going to your account settings under your user name or photo in the upper right corner of the browser window and clicking it to open. Once open select 'Account'.

ChangeGooglePassword

Once in your Account Properties window click the 'Security' section and next to 'Password' select 'Change Password'
 
GoogleChangePassword2
 
If you decide to change your passwords on any sites you may be using at LBCC or elsewhere we would like to remind you to use secure passwords following best practices such as:
  • Use a unique password for each site or service
  • Use a password that is greater than eight characters and difficult to guess. Longer passwords are better than shorter ones.
  • Mix letters, numbers and symbols for the best combination
  • Change your passwords regularly
For more details about this issue please see the excellent information at the site http://heartbleed.com. Also if you have a question about a particular LBCC site regarding this vulnerability please call the Information Services Department at (541) 917-4353.