NKU dodges Heartbleed bullet
NKU’s network systems show no evidence at this time of being compromised by Heartbleed, according to Douglas Wells, Director of Information Technology for the university.
Heartbleed, a serious vulnerability in encryption software that has left many of the most popular sites on the Internet exposed to hacking, according to Netcraft, did not impact the software that protects NKU’s servers.
“We are positive Blackboard, myNKU, and email were never affected,” Wells said.
Although IT found that the NKU homepage was in danger of being compromised by Heartbleed, the server was patched by 2:00 a.m. on April 8, and Wells can now confirm that there were no successful attacks against the system.
“Based upon the way the compromise would work, because we patched it immediately when it was released, that compromise will not be able to be exploited,” Wells said.
Wells also said that even if the server had been compromised, it would not be a security risk for students.
“The one site that had the issue does not ask for username or password,” Wells said.
IT sent out an email to staff and faculty members on April 13 addressing the Heartbleed issue.
However, an email was not sent out to students.
“We never sent out a mass NKU email because we didn’t want to cause panic,” Wells said. “We just wanted to make sure we have all our facts straight before we comment.” Wells said that although some faculty have sent emails of concern, asking questions, there have been very few calls to the IT help desk.
Richard Fox, a professor for NKU’s Department of Computer Science, was one of those who called the IT Help Desk after the email.
“I saw an article on CNN,” Fox said. “I wanted to make sure IT was doing something about it.”
Fox says that at first he was made nervous by the email from IT, which he described as “a little vague,” but then he called the Help Desk for more information.
“They contacted me back giving me a more detailed report,” Fox said. “IT was really responsive, they jumped right on this and worked as quickly as possible. I’m glad that IT took it seriously.”
Wells has said that although NKU is secure, students should take care to change their passwords on other sites.
“Look at your account information to make sure they weren’t compromised,” Wells said.
If you are unsure as to whether or not a website has been compromised, you should be able to find information on the website.
“Most vendors have a small Heartbleed section, especially banks and online vendors so you can figure out what they’ve done,” Wells said. “You have to check with the website, see what they recommend. Every site is on their own almost.”