Baruch Computing and Technology Center (BCTC)

"Heartbleed" - OpenSSL Security Alert

Posted on April 11, 2014.

The press has reported a serious flaw in OpenSSL, a common technology used to support secure communication via the web. The flaw, known as Heartbleed, could be exploited to read encrypted information such as passwords. As soon as the news about Heartbleed was available, the Baruch Computing & Technology Center assessed the College’s local systems and found only one service that was vulnerable; it was remedied immediately. We have contacted the vendors of our hosted services, and all have reported either that our service was not vulnerable to the threat or that the threat has been addressed. We have reached out to system administrators in the schools and administrative departments to identify any use of hosted services that we may not know about.

Members of the Baruch community should be cautious about e-mail messages they may receive during the next few weeks asking them to reset accounts. It is likely that individuals will try to exploit the publicity around Heartbleed to get users to divulge their passwords or other private information under the guise of addressing the problem. Please remember that the College will never ask you for your password via e-mail. If you receive a request that seems to come from the College and asks for personal information, please report it to the helpdesk (x1010). Although we are not forcing password changes on Baruch accounts, please feel free to change your password as one safeguard.