Information Technology Services

Security Alert

IE Security Flaw

04.30.2014

The U.S. Computer Emergency Readiness Team (CERT) is advising that those using Internet Explorer temporarily use a different browser (Firefox or Chrome) until this latest vulnerability is patched. We understand that certain Union College sites and affiliated sites may require the use of Internet Explorer, please limit your use of Internet Explorer to these sites. All other web browsing should be done with Firefox or Chrome as visiting an infected site would allow malicious users to install malware and potentially steal personal data, track online behavior, or gain control of the computer.

For more information about this flaw, please see the following article:

http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/

For the US-Cert bulletin:

http://www.kb.cert.org/vuls/id/222929

If you require assistance or have any questions, please contact the ITS Help Desk (call (518) 388-6400 or email helpdesk@union.edu).

Heartbleed Computer Vulnerability

Security researchers have discovered a vulnerability, named the Heartbleed bug, in many online encryption systems used around the world (OpenSSL encryption). This vulnerability affects the security of servers which handle encryption between computers, like when you connect using https to banking websites and a majority of websites where you are using passwords and private data. The Heartbleed bug allows an attacker to capture usernames, passwords, credit card information and other sensitive data at risk. Sites that may be affected are marked by the small closed padlock and the “https” in the web address.

As of Monday, April 7, ITS has patched all major Union web services impacted by the “Heartbleed” bug. We have no evidence at this time that Union College has been compromised.

We recommend the following to members of the Union College community:

1. Avoid clicking links found in unusual or unexpected emails that ask recipients to reset their password or otherwise reveal personal information.

2. Consider changing your online passwords at Union College and elsewhere, especially at banks and commercial sites, early next week. Waiting a few days gives the external sites time to fix the vulnerability. Changing your passwords is critical if you use the same password for you Union College email account and other services.

3. Apply the latest security updates to your home computer as well as your mobile devices.

Please refer to http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ for the status of mainstream websites and what consumers should do regarding accounts at these sites.

Please refer to http://chronicle.com/blogs/wiredcampus/the-heartbleed-bug-and-how-internet-users-can-protect-themselves/51689 for more information regarding the Heartbleed bug.

If you require assistance or have any questions, please contact the ITS Help Desk (call (518) 388-6400 or email helpdesk@union.edu). Please check our website http://its.union.edu/help-desk/information-security-union for the latest information.