You may have recently heard about the “Heartbleed” security bug that has affected the Canada Revenue Agency’s website and other sites around the world. Take a look below to find out how we’re dealing with the issue at Queen’s and what it means for you.
Heartbleed is a security bug or programming error in many versions of “OpenSSL.” OpenSSL is software code that is used to encrypt and protect things like passwords and other information that hackers could use to enter into secure websites. OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are affected. The vulnerability created by Heartbleed means that individuals on the Internet can decode and read previously protected sensitive information on compromised websites.
Queen’s is in a good situation. Much of our SSL processing is done by F5 load balancers, which are NOT vulnerable to something like Heartbleed. ITServices has completed several scans and only a few minor problems have been identified on campus, which are being triaged by urgency. Those most affected have already been contacted by ITServices so that solutions can be worked on, and those less affected will be contacted throughout the day.
To start, you can do a test yourself (check "do not show") to see if a website has been affected. If you find a Queen’s website that has been affected, please let ITServices know immediately by contacting the IT Support Centre at 613.533.6666, or via the online help form.
If you’re curious and would like to learn more about Heartbleed, you may want to check out the website set up by the researchers who discovered the issue.