You may have heard of a new computer security threat revealed recently called Heartbleed. In short, Heartbleed is a bug in a piece of software (OpenSSL) used by many websites to encrypt personal and sensitive information as a means of securing it. Most of Davidson’s servers do not use OpenSSL and we have scanned all our systems to identify and remedy potential Heartbleed vulnerabilities. Nevertheless, other Internet-based services you use may be affected, and sensitive personal or College data could be exposed via those services. Market research reports suggest that the Heartbleed bug is present on up to 66% of Web servers. Among the services and sites known to have been running the affected versions of OpenSSL are: Facebook, Dropbox, Tumblr, Google and Yahoo.
To be safe, you will need to change your passwords. Keep an eye on your email and watch for notification that a service or site has upgraded their OpenSSL. Once you get that note, change your password immediately. If there are services you are not sure about, you can verify them with the Heartbleed Checker website.
As always when personal data is at risk, it would also be a good idea to watch your banking and credit card statements closely. If you have questions about Heartbleed, please feel free to contact ITS at firstname.lastname@example.org.