Western Information Technology Services (ITS) was alerted to the most recent Internet threat – known as the ‘Heartbleed bug’ – on Tuesday and took immediate action, said Jeff Grieve, Information Technology Services director.
The Heartbleed bug affects encryption technology meant to protect online accounts, passwords and other personal data. Until this week, the bug has gone unnoticed for two years or more.
“Fortunately, Jeff Gardiner, our central information security officer, and the Network Security Office were proactive in raising awareness of the vulnerability and working with our IT colleagues across campus to identify and mitigate systems that might be at risk,” Grieve said.
ITS has implemented firewall changes to block and detect such attacks. Scans of the entire network are complete, and a list of vulnerable systems has been created. Patching/updating of those systems is complete and/or underway with system owners from across campus.
ITS is not asking the Western community to take any action at this time.
However, Grieve reminded the campus community that regular password changes are always a best practice. Visit the About Passwords page on the ITS website for more details.