SMU’s Office of Information Technology has issued advice on protecting yourself against Heartbleed, detailed in this e-mail message dated Wednesday, April 16, 2014:
By now you’ve probably heard about the internet bug known as Heartbleed. This security vulnerability has impacted a large number of online sites potentially exposing password information. OIT has been diligent in assessing and addressing SMU provided services as soon as the software patches were released.
Due to the potential risk that existed with this vulnerability, we are encouraging the campus community to take the following steps to ensure the protection of their accounts and data:
- Reset your SMU password by visiting smu.edu/password. If you know your current SMU password, click on CHANGE. If you do not know your password, click Reset. Once you have set a new password, update any mobile devices that may also be configured for email or wireless access using that account.
- Apple iOS devices: If you previously installed the Cisco AnyConnect client on your Apple iPad or iPhone, please visit the app store and download the latest version of the client. The previous version was impacted by this security flaw. Several other applications that you may have downloaded from the app store are releasing updates to address this flaw. We recommended applying these updates as well.
- Android devices: Please check the software version that your device is running. If it is on version 4.1.1, it is vulnerable. Check for updates to the OS which will be released by your cell phone vendor. Several other applications that you may have downloaded from the Playstore are releasing updates to address this flaw. We recommended applying these updates as well.
- External sites: The following external sites have recommended a password change: Dropbox, Facebook, Google, Etsy, Fandango, Android/Google apps, Hulu, Instagram, Pinterest, Steam, Stripe, TurboTax, Tumblr, Prezi, and Yahoo. This is not a comprehensive list! Please check with each website on which you currently have an account to review their recommendations.
- Be on guard against phishing attempts! With so many sites encouraging users to change their passwords, we anticipate an increase in phishing emails. Please visit the websites directly to access any password reset utilities rather than clicking on links in an e-mail.
Password Security Tips
Although it is inconvenient to change all of your online passwords, we strongly encourage you to do so to protect your information. The following are a few password tips to remember as you update your accounts:
- Do not use personal information in your passwords such as birthdate, zip code, name, pet names, etc.
- Do not use the same password for all of your accounts.
- Select a strong password using capital letters, lowercase letters, numbers and symbols.
- Select a password that is easy to remember (so you don’t have to write it down) but make sure it is difficult for anyone else to guess!