Security Note – OpenSSL ‘Heartbleed’ Vulnerability

As you may have read in mainstream news media outlets, a vulnerability was recently discovered in certain versions of OpenSSL which could allow a remote attacker access to sensitive data on certain types of servers.

LIS has already patched relevant local systems and is working with vendors to ensure that any relevant externally-hosted systems are similarly patched. There is no evidence to suggest that Middlebury account credentials have been compromised.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/475111/original/middlebury_threat_bulletin_openssl_heartbleed.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>