Griffith, The Heartbleed Bug and You

  • A bug recently found in a commonly used data encryption tool has had an impact on computer systems around the globe. Are you affected?

You may well have seen stories in the news recently about “Heartbleed”. Heartbleed is a bug in some versions of a widely used data encryption tool named OpenSSL which, if taken advantage of, can allow “eavesdropping” on otherwise secure internet traffic.

A lot of internet services, including secure web sites (those which display a padlock icon), utilise this tool, so it’s been a busy time for system administrators across the globe checking their systems and patching them against the bug if necessary, and Griffith has been no exception. Since we first received notice of the Heartbleed bug, INS has been working to ensure that Griffith’s systems are not vulnerable and that your data is protected and safe from this vulnerability.

Since stories about Heartbleed appeared in the news, INS has received a number of queries from both staff and students asking if their own desktops, laptops, smartphones and tablets could be affected by Heartbleed (referred to in the press as a “Reverse Heartbleed” attack).

The following should address any concerns you may have (with apologies for the necessarily technical details):

  1. Griffith assets running the Griffith SOE are not vulnerable to “Heartbleed”.
  2. Microsoft Windows and Apple OSX desktops and laptops are unaffected by “Heartbleed”. However, we strongly recommend applying any updates released for your device.
  3. Google has advised that smartphones, tablets etc. running Android version 4.1.1 are vulnerable to “Heartbleed” related security issues and should be updated.
  4. Other versions of Android are not vulnerable to “Heartbleed”.
  5. Advice received to date is that other smartphones and tablets (including iPhone, iPad and Windows-based phones) are unaffected by “Heartbleed”. However, we strongly recommend applying any updates Apple, Microsoft etc. release for your device.
  6. Some versions of the Linux operating system might be vulnerable to “Heartbleed”. If you have a device running Linux, or any other Unix variant including Raspbian, you should ensure that it is fully patched; at the very least ensure that the version of OpenSSL installed is not between 1.0.1 and 1.0.1f (version 1.0.1g is the first release of the 1.0.1 version tree which is not vulnerable to Heartbleed).
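
One way to run the version check from item 6 on a Linux or Unix device, as an added example that is not part of the original post; the function name `heartbleed_range` and the sample strings in the comments are constructed for illustration. Distribution packages can carry the fix while still reporting an older version letter, so an "in-range" result means "confirm the package is fully patched", not a definite finding.

```shell
#!/bin/sh
# Classify the text printed by `openssl version` against the range in item 6:
# 1.0.1 through 1.0.1f are in the affected range, 1.0.1g and later are not.
# Constructed sample inputs: "OpenSSL 1.0.1e 11 Feb 2013", "1.0.1g".
heartbleed_range() {
    # Take the version field; accept a bare version with no "OpenSSL" prefix.
    ver=$(printf '%s\n' "$1" |
          awk '{ if ($1 == "OpenSSL") print $2; else print $1 }')

    case "$ver" in
        # Empty input, or a different library name in the first field.
        ""|[!0-9]*)            echo "unknown"; return 0 ;;
        # Pre-release builds are outside the range the page gives.
        *-beta*|*-dev*|*-pre*) echo "unknown"; return 0 ;;
    esac

    # Drop build suffixes such as "-fips" before comparing.
    ver=${ver%%-*}

    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo "in-range" ;;
        *)                   echo "not-in-range" ;;
    esac
}

# Check the local binary, if one is on PATH.
if command -v openssl >/dev/null 2>&1; then
    v=$(openssl version 2>/dev/null) || v=""
    echo "$v => $(heartbleed_range "$v")"
fi
```

If the result is "in-range", install the operating system's pending updates and run the check again; if it is still "in-range", consult the vendor's security notice for the installed package.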

For advice on selecting secure passwords visit the Password Tips webpage.

For more information on IT Security, you can visit the IT Security website.
