Heartbleed OpenSSL Vulnerability

A critical vulnerability called Heartbleed, which affects services relying on OpenSSL, was announced Monday, April 7. As a result of this vulnerability, users’ private information could be accessed inappropriately.

The IT Services Security Team recommends that users update their passwords for affected services (for example, your bank’s website or social media sites) after the services announce that they have resolved the vulnerability on their systems.

Out of 1,750 UARK systems, the IT Services Security team has identified just over 100 affected systems. As vulnerabilities are addressed, IT Services will notify users if and when UARK passwords should be changed.

IT Services requests that all server administrators inspect the version of OpenSSL installed on their systems, apply a patch if the server is affected and generate new SSL certificates. System administrators should also contact third-party software and appliance vendors to confirm their system is unaffected or vulnerabilities have been addressed.

------
Like IT Services at facebook.com/uarkITS or visit its.uark.edu/news for recent IT Services news.