Advisory re: Heartbleed Exploit

FredQuest Logo
Information Technology Services
103 Maytum Hall
The State University of
New York at Fredonia
Fredonia, NY 14063
Ph: (716) 673-4670

This advisory is regarding a recently discovered, widely publicized, and widespread vulnerability in versions of OpenSSL calledHeartbleed.

At this time we are able to report that SUNY and SUNY Fredonia public facing systems using SUNY Fredonia eServicescredentials (userid and password), as well as Your Connection, Banner, and vendor applications used by SUNYFredonia, were either not affected by the vulnerability or if affected have been patched and SSL certificates replaced.  There is no indication that SUNY Fredonia eServices passwords used to log into SUNY or SUNY Fredonia systems were compromised.   However, this presents an opportunity for you to consider the following:

  • Change your SUNY Fredonia eServices password on a regular basis at https://ww2.fredonia.edu/password/
  • Always use strong passwords following tips in the ITS Winter Newsletter (page 4)  http://www.fredonia.edu/its/news/Winter2014.pdf
  • Do not use SUNY Fredonia credentials on any sites that you use for personal purposes.
  • Do not respond to phishing emails that ask for your password.
  • If you do online banking or credit card purchases/reconciliation check with your provider (bank or credit card company) to verify that any vulnerability has been patched, and then change your password.  This cnetlink can be used to know when or whether to change passwords for the top 100 websites:http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/ 

For more information about OpenSSL and Heartbleed please see the following:

 

Page modified 11/26/14