The Heartbleed Bug: What You Need to Know and How It Affects Oberlin Web Services
April 9, 2014
By now you've likely heard the news about the Heartbleed bug. The reason this bug is getting so much press is that it exploits a vulnerability in OpenSSL, an encryption method used by more than half of the websites you log into on the internet. Your web browser displays a little padlock beside the URL when you access a secure site, like your bank, that uses OpenSSL.
It's important to keep it in perspective that while Heartbleed was just announced, this security flaw has been around for 2 years. Just because a service was vulnerable doesn't mean the vulnerability was leveraged.
CIT is currently working to identify which, if any, Oberlin services are vulnerable to attack. If any web servers are found to be vulnerable to the Heartbleed bug, CIT will quickly apply the necessary patches to update these systems. At present, there is no need to change the password for your ObieID or any other Oberlin College service.
For more information on how Heartbleed affects off-campus websites and how to protect yourself, please visit the CIT website: http://new.oberlin.edu/office/cit/