[Faccus] Heartbleed bug, statement from Information Security Services

Heather Wey hawey at uwaterloo.ca
Thu Apr 10 12:20:18 EDT 2014

From: Jason Testart, Director, Information Security Services

As you have likely heard in the media, the Heartbleed bug<http://heartbleed.com> has affected approximately two thirds of the Internet and the University of Waterloo was not immune.  Monday evening, news of the issue was being shared between campus IT staff.  Since then, IT staff have been applying fixes to affected systems.  The fix was applied to the majority of IST-managed servers by noon on Tuesday.  IST security operations staff are continuously assessing the campus network, supporting IT staff campus wide in identifying affected systems so that fixes can be applied.  Authentication for the uw-unsecured campus wifi service has been disabled until the vendor provides a fix for the Heartbleed bug.

We believe the risk to users of our systems is minimal given the timing of our response and provided that users follow best practices for password management:

  1.  Avoid the re-use of passwords at different sites - You do not want a breach at one site to compromise your information at other sites.
  2.  Change your passwords periodically - If a password does happen to be exposed by this issue or some other, it's not useful to attackers if you've since changed it.
  3.  Do not share your password - The more people know your password, the more exposed it is, which increases the potential for misuse (unintended or malicious).
  4.  Use long passwords - The longer the better. This practice does not help specifically with Heartbleed, but it does guard against other attacks.
If you are concerned about the integrity of your password, you are encouraged to change your password<http://watiam.uwaterloo.ca>.

Questions/concerns? Please contact the IST Service Desk, helpdesk at uwaterloo.ca<mailto:helpdesk at uwaterloo.ca> or ext. 84357.

Recipients of this message: isthd; ist-staff; admin-support; faccus; uwweb; ctsc; ucist; SSO, MSC (CPA); Daily Bulletin

Heather Wey
IST Communications
University of Waterloo
519-888-4567 x35878
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20140410/9996fa68/attachment.html>

More information about the Faccus mailing list