SPAM, Virus & Hoax Information
Information about the Heartbleed OpenSSL Exploit
On April 7th, 2014 a vulnerability named Heartbleed was disclosed that affected OpenSSL, a software library that is used by many public and private websites to secure communication between you and the site's servers.
What we know:
None of our LBCC hosted web sites use the vulnerable versions of the OpenSSL library so no information has been leaked.
We are not requiring a change of passwords on LBCC hosted web sites at this time. However we will continue to monitor the fallout from this exploit on various computer security blogs and if anything changes we will let you know what to do via email and web postings.
We have tested our Linn-Benton Community College owned web sites along with many other sites that students or staff use and, to this point, we have not found any of them to be vulnerable to the Heartbleed exploit.
However, our hosted Google Apps sites were vulnerable but Google patched their systems early and changed their SSL certificates so they do not believe any user data was compromised. We still recommend changing your Google Apps password just to be safe. WebRunner passwords and data were not vulnerable but if you still want to change your WebRunner password go the WebRunner login page.
Google issued a statement about their systems recently and this is from an abcnews.com article dated April, 9, 2014:
However in a different statement from the site mashable.com on April 9, 2014 they said that it would be a good idea to change your password.
A Google spokesperson said in an emailed statement, "The security of our users' information is a top priority. We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."
They later added to their statement saying that, "The security of our users' information is a top priority. We fixed this bug early and Google users do not need to change their passwords."
LBCC Information Services recommends that you change your Google Apps account password, just to be safe, by going to your account settings under your user name or photo in the upper right corner of the browser window and clicking it to open. Once open select 'Account'.
Once in your Account Properties window click the 'Security' section and next to 'Password' select 'Change Password'
- Use a unique password for each site or service
- Use a password that is greater than eight characters and difficult to guess. Longer passwords are better than shorter ones.
- Mix letters, numbers and symbols for the best combination
- Change your passwords regularly