[Plantsci] FW: Heartbleed Open SSL Vulnerability

Marquez, Mario A - (marquezm) marquezm at email.arizona.edu
Fri Apr 11 10:03:02 MST 2014


 [CALS_Users] Heartbleed Open SSL Vulnerability

ATTN all CALS:

As many of you have heard, a major vulnerability in OpenSSL has been discovered. That vulnerability has been named "Heartbleed".

How does this affect you? When you visit secure websites, such as banking, shopping, and email, the communications between your computer and the web server are usually encrypted. Encryption makes it impossible for anyone else to read the sensitive information being exchanged between your computer and the web server. The "Heartbleed" OpenSSL flaw could allow attackers to see data going to and from vulnerable websites. This flaw has affected many servers around the world and has actually existed for two years.

Scans have been run on the CALS websites and websites hosted on the CALS server; they are secure. Even so, all the SSL certificates on the CALS server will be replaced. We have also run scans on local banks and major shopping sites, and the following websites are NOT vulnerable to "Heartbleed" and are safe:

Arizona State Savings and Credit Union
Tucson Federal Credit Union
Chase
Vantage West
Hughes Credit Union
Wells Fargo
Pima Federal Credit Union
Bank of America
US Bank
Amazon.com
Paypal
eBay
Barnes and Noble
Facebook
Twitter

Because this security flaw in OpenSSL has existed for two years, there's no way of knowing whether the bad guys discovered it first and whether there have already been breaches. Therefore, it is recommended that you change your passwords to Facebook, Twitter and any financial institutions you use online as a precaution, and do not use the same password for multiple sites. It is also recommended that you closely monitor your financial sites for the next 6 months for any suspicious activity.

If you want to test whether a website is safe, you can use this simple testing tool at: hxxps://www.ssllabs.com/ssltest
(replace the "hxxps" with "https" when you type it into your web browser). Once at this site, plug in the URL of the website you wish to scan in the Domain Name and click Submit. The results will tell you if that site is vulnerable to "Heartbleed".

***Also be aware of phishing emails that ask you to change your password or give away ANY personal information. There are bad guys looking to exploit the fears brought on by this recent vulnerability.***


Tod Gregoire
Information Security Officer
College of Agriculture and Life Sciences Tucson, AZ
85721
Gregoire at cals.arizona.edu
_______________________________________________
CALS_Users mailing list
CALS_Users at cals.arizona.edu
http://CALSmail.arizona.edu/mailman/listinfo/cals_users