Educause Security Discussion mailing list archives

Re: Communications about Heartbleed

From: Hugh Burley <Hburley () TRU CA>
Date: Fri, 11 Apr 2014 19:54:53 +0000

Our message:

++++++++++++++++++

To the TRU community,

 

A serious security risk called the "Heartbleed Bug" has been detected on the
Internet that can put your private information at risk. 

 

TRU is treating this bug very seriously and has identified and fixed all
internal TRU systems.  However you may wish to ensure that external websites
that require you to provide login credentials have also addressed this
issue. 

 

You can use the following tool: http://filippo.io/Heartbleed/  to check if
any given web site is safe. 

 

The TRU Information Security and Privacy Offices will continue to evaluate
external/cloud services that are known to be used by the University.

 

If you regularly use web sites requiring your private information, such as
credit card numbers, we advise you to verify with the site owners that they
are sure the site is not affected by the Heartbleed Bug. If you cannot
obtain such a verification we suggest you use the tool whose link we
provided above to check for yourself or check here:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ . If you
are not sure either way that the site is clean, we suggest that you delay
using it until the site owner has verified that it is not affected.

 

If you have any questions or concerns please feel free to contact
infosecurity () tru ca <mailto:infosecurity () tru ca>   or privacy () tru ca
<mailto:privacy () tru ca>  .

++++++++++++++++++++++++

Hugh Burley

TRU - Senior Technology Coordinator

 <http://www.tru.ca/its/infosecurity.html> Information Security

CISSP, CIPP/C, CISA

Security, Privacy, Audit

250-852-6351

 <mailto:infosecurity () tru ca> infosecurity () tru ca

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones
Sent: Friday, April 11, 2014 11:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Communications about Heartbleed

 

I am curious to know how everyone is communicating the Heartbleed issue to
their respective user communities.  I am particularly interested in what my
fellow Canadian universities are saying.

 

Christopher Jones

IT Security Analyst

University of the Fraser Valley

Christopher.Jones () ufv ca <mailto:Christopher.Jones () ufv ca>

Attachment: smime.p7s
Description:

Current thread:

Communications about Heartbleed Christopher Jones (Apr 11)
- Re: Communications about Heartbleed Peter Setlak (Apr 11)
  - Re: Communications about Heartbleed John Ladwig (Apr 11)
- Re: Communications about Heartbleed Joel L. Rosenblatt (Apr 11)
  - Re: Communications about Heartbleed Christopher Jones (Apr 11)
  - Re: Communications about Heartbleed Ben Marsden (Apr 11)
- Re: Communications about Heartbleed Hugh Burley (Apr 11)