MSU responds to the Heartbleed Bug

A major security vulnerability called the Heartbleed Bug was disclosed Monday night with serious implications for the entire web.

What is the Heartbleed Bug?

A security defect was found in a component that is the foundation of security for a large percentage of Internet websites.

The security defect, in a component called OpenSSL, allows attackers to acquire random data from “secure” web servers without logging in. That data may include usernames and passwords, email messages, transactions, and the keys that keep web servers secure.

Was MSU affected?

There is no evidence indicating that this defect was exploited at Michigan State University.

Core authentication services and major systems used by the MSU community were never vulnerable. This includes msu.edu, ebs.msu.edu, mail.msu.edu, and the Learning Management systems.

CASHNet, our online payment processor, also assured MSU that we were not vulnerable.

What is MSU doing to mitigate any possible risk?

The IT community is working to identify any MSU websites that might be vulnerable and updating web servers with patches to remediate any vulnerability.

Today, MSU IT Services also performed a patch to the SSL VPN and MSU Internet Border Intrusion Prevention System maintenance as extra precautions.

What should you do to protect yourself?

Since passwords are one of the data items that may have been insecure, it is recommended that you change your MSU and non-MSU passwords.

Please don’t use your MSU NetID and password for any non-MSU accounts.

Read more password tips and best practices.

If you have any questions or concerns, please call the MSU IT Services Support Desk at (517) 432-6200.