ITS is aware of a security issue known as the "Heartbleed Bug." Heartbleed is a flaw in OpenSSL, which is used to encrypt data on a majority of websites, including WCMC sites. This vulnerability allows hackers to obtain the secret keys used to encrypt web traffic and can expose usernames, passwords and other sensitive data.
How will this affect you?
Our Security Team has already begun working on making the necessary security patches to all ITS-managed servers running OpenSSL. There is no evidence that any WCMC sites have been compromised, but we are aware that this flaw in the OpenSSL code has existed for two years.
If you are running your own web server with OpenSSL, we highly recommend contacting your vendor or server administrator.
You can also contact the ITS Service Desk at 212-746-4878 for additional assistance.
What do you need to do?
As always, please monitor your accounts for any sign of malicious activity, including fraudulent emails attempting to extract more personal data from you. You can reference our 5 Tips to Avoid Internet Fraud at WCMC article for assistance.
If you believe any of your accounts have been compromised, please call the Service Desk immediately.
More information about the Heartbleed Bug can be found at www.heartbleed.com.