Nasty Internet-Wide Vulnerability

Last night, a new server vulnerability was disclosed on the Internet that is making shockwaves and causing large amounts of frustration and pain around the world.  Certain versions of OpenSSL, which is used to encrypt web traffic, has been discovered to have a gaping security hole which can allow a remote attacker to read the memory of a vulnerable server.  This attack can be performed remotely and without any authentication whatsoever.  More information regarding this critical vulnerability can be found at:

http://www.kb.cert.org/vuls/id/720951
http://heartbleed.com/

Wayne State C&IT because aware of this issue late last night, and immediately began an analysis to see how much of our computing environment was affected and what the potential risk would be.  Thankfully, no critical systems (Banner, Wayne Connect, Blackboard, Pipeline, WiFi, Academica) are currently at risk.

Centrally-managed servers have been addressed and/or patched at this point.  Other system administrators, including persons supporting hosted systems, have also been contacted to ensure their applications are up to date and secure.  We are running periodic scans of our computing environment to discover any systems which may need additional assistance.

We are continuing to monitor the progress of these events, and will keep the community informed of any developments.

Leave a Reply

Your email address will not be published. Required fields are marked *