As you may have heard by now, the Heartbleed bug is affecting internet sites around the world. Unlike most notices like this, it’s not a virus or a worm. Heartbleed is security bug in the open-source OpenSSL library, which is widely used on the internet for security protocols. It was fixed on April 7, 2014, at the same time as Heartbleed was publicly disclosed. Unfortunately, many sites using the problematic OpenSSL had not updated yet.
If you are worried about your Mac, OS X has never shipped with the vulnerable version of OpenSSL. If you are worried about your iTunes accounts, its mobile, desktop and Web services weren’t affected but Heartbleed. Going further, Re/code was able to get an official response from Apple:
“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.’
If you were worried about how this affected SMU campus systems, don’t; That being said, OIT still recommends you change your passwords. Here is an update from OIT:
OIT responded quickly to ensure all services were updated and any potential exposure was remediated. The security flaw was announced on Monday April 7. OIT reviewed all systems quickly and addressed each vulnerability as soon as a patch was available from the vendor. Of the systems remediated, there was a limited threat of exposure for SMU account login information. At this time, no compromises or suspicious activity from the vulnerability has been observed. We are encouraging individuals to reset all password (not just SMU) as the threat was widespread across a significant number of internet based services. As an advocate for the customer and a desire to help protect their data (SMU and personal), we felt strongly that it was our responsibility to err on the side of caution.