This bug, referred to as “Heartbleed,” allows attackers to read the memory of the systems protected by the vulnerable versions of the OpenSSL software and access privileged information, such as names, passwords, and credit card information.
A new version of OpenSSL has been released, which fixes or “patches” the flaw. I am happy to report that most of TCNJ’s larger systems were not vulnerable to Heartbleed. The few systems that were affected by the bug have been patched with the new secure technology.
In order to minimize the risk of an attacker’s gaining access to personal information that you may have stored on the College’s systems, it is strongly recommended that you change your TCNJ password, even if you have done so within the past few weeks. While we have seen no evidence of any intrusion here, it is possible that passwords that were in place up to the time of the patch, Wednesday, April 9, 2014, could have been obtained by a potential attacker.
You may change your password by visiting the TCNJ account manager web page at: http://account.pages.tcnj.edu.
For more information on Heartbleed and tips on how to minimize your risk outside of the TCNJ information technology systems, please click on the links below: