Jay Dominick, Vice President of Information Technology and Chief Information Officer for Princeton University, provides an update on Heartbleed at Princeton, confirms that all major systems at the University are no longer at risk for Heartbleed exploits, and strongly encourages faculty, students, and staff to change their passwords now that password changes are safe. Dominick also alerts the campus to the likelihood of increased phishing attempts and warns campus to not fall prey. Dominick's communication to campus follows.
As you undoubtedly have heard, a security flaw in software used to protect private information on the Internet was discovered last week. The vulnerability, ironically in the very software designed to ensure the confidentiality of data flowing across the Internet, is named "Heartbleed" because of the way it could exploit and then slowly expose confidential information. This vulnerability is widespread and fundamental.
Princeton was not immune to this "Heartbleed." We in OIT along with our technology partners across campus have worked diligently to close the vulnerabilities that we found. At this point in time, all major systems with the flaw have been patched, have had new security certificates issued where needed, and are no longer at risk for this exploit.
The problem that Heartbleed exposed is so omnipresent in the basic plumbing of the Internet that I strongly encourage you to take the following steps to protect yourself and the University.
Change your Princeton password. This is especially important if you have used:
- Gmail (including Princeton Gmail)
- Princeton Secure Remote Access (SRA, Aventail)
- The same password at Princeton as you do on other websites
- Beware of phishing attacks in your email. Internet ne’er-do-wells will be out in force trying to exploit this vulnerability through cleverly crafted requests sent to your inbox. To change your password, go directly to the home page of the site and you will almost certainly find a "change password" link where you regularly sign in.
To change your password at Princeton, go to the Princeton home page and select OIT Help Desk from the Shortcut menu in the upper-right corner. Alternatively you can simply type www.princeton.edu/oit and follow the link in the upper-right of the page to change your password.
If you have any questions, please feel free to contact the OIT Support and Operations Center at 609-258-4357 or firstname.lastname@example.org. They are available 24 hours a day, 7 days a week to help you with your IT problems.