There has been a lot of news in the past 48 hours about a security vulnerability in a version of OpenSSL, commonly known as the “Heartbleed Bug.” OpenSSL is a popular cryptographic software library used by software developers to help keep Internet communications private.
What is the “Heartbleed Bug”?
“The ‘Heartbleed Bug’ allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” (heartbleed.com)
Does this bug directly affect HSI systems & services?
No. HSI systems and services (e.g., Otis, Training Web, BMP) do not use OpenSSL for our cryptography, so your data and interactions with our services are protected. Your account is secure, passwords are not exposed, and your data is safe.
Is there any action that I need to take?
No, there is no action that you need to take. We take your data security very seriously and have protections in place to ensure that it is not compromised. Given the scope of the “Heartbleed Bug”, we wanted to address this issue and advise you to follow Internet security best practices for all of your online activity. We encourage you to change your password every so often, and make your passwords unique for each online system you use. This is a practice that you should consider for any online system that you use.
John Hambelton – IT Director