Monday, April 21, 2014

Heartbleed issue: What you need to do

You may have heard news of the "Heartbleed" Internet security breach or gotten an email about it from friends. This email tells you what you need to do, which is, unfortunately, not as easy as just "change your passwords." It's organized in the ever-popular "Q&A" format.

Q: Is my school email safe?
A: Probably. We use Google Apps, and it was a Google researcher who found the flaw, and Google patched its systems very quickly. But you should change your OSD password just to be safe. 

Q: Is Infinite Campus safe?
A: OSD's IC server appears to be unaffected or fixed. Regardless, your IC password should be the same as your OSD email/network password, so you don't need to do anything specifically regarding IC.

Q: How about Skyward?
A: Skyward was never vulnerable due to the version of SSL it used, so your personal and HR information is not at risk.

Q: What do I need to do?
A: This is a two-step process:
  1. Check to see if a site has been fixed. (Check the top 100 web sites here.)
  2. AFTER a site has been fixed, then change your password for that site.

Q: Why not just change all my passwords right away?
A: Until a site has been patched, if you change your password, then the attacker can potentially get your new password as well. So wait until the site is patched before changing your password. More info here.

Q: What about sites that aren't in the top 100 list, like my bank?

Q: Why is this such a big deal?
A: It potentially affects half of secure sites on the web, has been around for two years, and was only recently reported. More info here.
