The Heartbleed bug made big news in mid-April 2014 as an online security vulnerability with potentially devastating consequences.
SMU’s Office of Information Technology has issued advice on protecting yourself against Heartbleed, detailed in this e-mail message dated Wednesday, April 16, 2014:
By now you’ve probably heard about the internet bug known as Heartbleed. This security vulnerability has impacted a large number of online sites potentially exposing password information. OIT has been diligent in assessing and addressing SMU provided services as soon as the software patches were released.
Due to the potential risk that existed with this vulnerability, we are encouraging the campus community to take the following steps to ensure the protection of their accounts and data:
Reset your SMU password by visiting smu.edu/password. If you know your current SMU password, click on CHANGE. If you do not know your password, click Reset. Once you have set a new password, update any mobile devices that may also be configured for email or wireless access using that account.
Apple iOS devices: If you previously installed the Cisco AnyConnect client on your Apple iPad or iPhone, please visit the app store and download the latest version of the client. The previous version was impacted by this security flaw. Several other applications that you may have downloaded from the app store are releasing updates to address this flaw. We recommended applying these updates as well.
Android devices: Please check the software version that your device is running. If it is on version 4.1.1, it is vulnerable. Check for updates to the OS which will be released by your cell phone vendor. Several other applications that you may have downloaded from the Playstore are releasing updates to address this flaw. We recommended applying these updates as well.
External sites: The following external sites have recommended a password change: Dropbox, Facebook, Google, Etsy, Fandango, Android/Google apps, Hulu, Instagram, Pinterest, Steam, Stripe, TurboTax, Tumblr, Prezi, and Yahoo. This is not a comprehensive list! Please check with each website on which you currently have an account to review their recommendations.
Be on guard against phishing attempts! With so many sites encouraging users to change their passwords, we anticipate an increase in phishing emails. Please visit the websites directly to access any password reset utilities rather than clicking on links in an e-mail.
Password Security Tips
Although it is inconvenient to change all of your online passwords, we strongly encourage you to do so to protect your information. The following are a few password tips to remember as you update your accounts:
Do not use personal information in your passwords such as birthdate, zip code, name, pet names, etc.
Do not use the same password for all of your accounts.
Select a strong password using capital letters, lowercase letters, numbers and symbols.
Select a password that is easy to remember (so you don’t have to write it down) but make sure it is difficult for anyone else to guess!
The President’s Executive Council reviewed a revised University bulk e-mail policy that allowed individuals to opt out of certain types of information. This policy was approved in August 2012. Implementation of the new subscription management solution will begin Monday, Sept. 9, 2013.
As part of its implementation plan, OIT has developed a portal, mylists.smu.edu, that will allow each user to manage all nonessential e-mail preferences with a single login.
The new service helps the University to achieve two goals:
Ensure that essential messages are delivered to faculty, staff and students, while also enabling those recipients to opt out of nonessential messages they do not wish to receive.
Improve the effectiveness of essential communications by empowering recipients to limit nonessential messages to their own areas of interest.
University bulk e-mail lists sent out more than 3,200 messages in the 2012-13 academic year. The volume of e-mail has decreased the effectiveness of these lists in communicating critical information to appropriate audiences, according to the OIT. The new system will group SMU e-mail lists as follows:
Current e-mail lists for faculty, staff, undergraduates and graduate students will be maintained, and membership to these lists will continue to be mandatory (users may not opt out of receiving messages). However, only essential messages related to safety and health, and those related to personnel and academic business, will be delivered. In addition, the ability to send to these lists will be restricted to a select group of accounts.
New lists will be created for the communication needs of departments, programs and schools. Initially, these lists will be populated with all campus e-mail addresses. However, individuals will be able to unsubscribe from a managed list through an automatically generated link in each e-mail message, or to adjust their subscription preferences through mylists.smu.edu. These preferences can be changed at any time.
Departments are encouraged to review their current communication plans and strategies to help encourage individuals to remain subscribed to their lists. These strategies may include increased use of social media such as Twitter and Facebook to distribute updated or time-limited information.
For more information, contact Rachel Mulry in the Office of Information Technology.