You may have heard this week about the discovery of a severe vulnerability that has affected the security of many websites. This flaw, called the Heartbleed bug, was discovered Monday in a popular open-source software package, OpenSSL, that is used to encrypt usernames, passwords, and other sensitive communications between a person’s browser and a website. (Not all websites that use OpenSSL are vulnerable, however.)
Fixes for this flaw have been announced, and we are now working to quickly identify all systems affected at The New School. Most core systems have either been patched or are not vulnerable to this bug. MyNewSchool, Banner, and Touchnet (a credit card payment system), for example, are safe to use. Google has also announced that its core services, including GMail and Apps, have been patched.
Even though most of our systems were not vulnerable, situations like this provide a useful reminder to change your password for added security. If you have concerns about securely connecting to any New School website because of this flaw, contact the New School IT Help Desk at firstname.lastname@example.org.
For non–New School websites, such as your bank and your personal email, you may wish to check online or wait to receive notification from the site operator that the system is safe to use. If no information is available, contact the site to confirm that it has not been affected by this vulnerability. You can use this Heartbleed test site to test websites’ vulnerability as well, but be sure to read the test site’s FAQ to understand the validity of the results.