Written by John Gohsman,
Vice Chancellor of Information Technology
and Chief Information Officer
Dear colleague in the Washington University community,
As you may have heard in the news or online in recent days, there is a new threat to Internet security known as Heartbleed. This vulnerability opens certain websites to attack, and it provides hackers access to critical information such as usernames, passwords and other sensitive data from affected servers.
We wanted to let you know that the Information Security Office at WUSTL has tools to detect that vulnerability and to assure you that your WUSTL Key accounts are not affected by Heartbleed.
We notified administrators of campus systems that are vulnerable, and vulnerable systems are all being fixed. School and department IT administrators will let their users know if a password change is needed.
You may want to change the passwords you use on non-WUSTL sites out of an abundance of caution. In fact, some non-WUSTL sites may force you to change your password in coming days. However, be careful to avoid clicking on any phishing email links that say something like “Change your password here” or “Click here to verify your account.”
More information on Heartbleed and which non-WUSTL sites might be affected can be found on http://heartbleed.com and http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/.
Please visit the Network Security Office website (http://nso.wustl.edu/) or the WUSM Information Security and Privacy website (https://secpriv.wusm.wustl.edu/infosec/) for additional information and updates.