You have likely heard this week’s media reports about the Heartbleed Bug. This is a serious vulnerability, which enables hackers to steal information that is usually protected by the encryption that secures the Internet and applications such as web, email, instant messaging, and some virtual private networks (VPNs).
ITS completed a review and discovered two systems affected by this vulnerability: BannerWeb and deerfield.edu. Both have been updated with new security patches, and new security certificates have been installed. Our network firewall has also been updated.
One complicating feature of this bug is that the vulnerability is undetectable. There is no way to know if a hacker has used this opening to steal your login credentials. As a result, ITS is requesting that all students, faculty, and staff change their Deerfield network/email passwords and BannerWeb PINs now. If you did this earlier in the week, we ask that you do it again, since you won’t be protected if the change occurred prior to the installation of the patches.
If you are concerned about accounts you have with banks, on-line retailers, and other websites, you may wish to review the information posted at http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. Some useful information for consumers is presented here.
If you have any other questions about this bug or the security of your account, please contact the Help Desk at extension 1444.