Web Vunerability (OpenSSL)
As many of you may have read or heard, a flaw has been discovered in one of the Internet's
security methods—a flaw that could enable hackers to access user names, passwords,
or other sensitive data.
A fix for this flaw, which was announced this week, is available. Information Management
and Technology (IM&T) recognized the seriousness of this issue and began working immediately
to assess our and then begin to patch the University's systems that need patching.
The flaw is associated with a widely-used technology known as OpenSSL, which is used
to secure server transactions, and it is known as the "Heartbleed" vulnerability.
OpenSSL is used by Internet service providers, system administrators, and universities
around the world, fortunately we only had a couple of systems her at UNC that were
impacted.
- https://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability
- bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/
- www.cnn.com/2014/04/08/tech/web/heartbleed-openssl/
- www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/
heartbleed.com/