Security Alert April 2014

SECURITY ALERT!

Updated April 16

Mandatory SJSUOne Password Reset!

Between April 16 and 18 all SJSUOne Account passwords will be reset.

This means that if you try to sign on after the reset, your password will not work!

Use the SJSUOne Password Reset Tool or click the “Having trouble with your password?” link to reset your password.

The reset is needed to protect password security in response to the Heartbleed web security flaw.

If you experience any difficulty logging in, resetting your password, or need further information, please contact the IT Help Desk at 4-1530 or email ithelpdesk@sjsu.edu.

Updated April 11

For a constantly updated list of the status of commonly used sites, go here: http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

Here is a partial list of sites that are now safe but recommend that you change your password.

Google   
Facebook    
YouTube    
Yahoo!  
Wikipedia
Bing
Pinterest
Blogspot
Instagram
Tumblr
Reddit
Netflix
Yelp!
USPS
Blogger
Dropbox

 

Here is a partial list of sites that were not affected and require you to take no action.

Amazon
LinkedIn     
eBay     
Twitter
PayPal
MSN
Apple
Microsoft
BofA
Wells Fargo
Pandora
Hulu
UPS
Target
Tripadvisor
FedEx
Capital One

Updated: April 10

Google (Gmail, YouTube, etc.), Yahoo, and Facebook state their systems are secure. If you want to see if a particular website has installed the security patch, go to http://filippo.io/Heartbleed or https://lastpass.com/heartbleed and plug in the URL. Regardless, you should take the following steps:

Once a system is known to be secure, change your password. Secure passwords use upper and lower case letters, numbers, and keyboard characters (#, &, etc.). Here is a good source for how to create a strong password: http://www.businessinsider.com/how-to-create-strong-password-heartbleed-2014-4

A few general tips:

  • Prioritize email passwords, as they often control other accounts.
  • Intentionally misspell words, for example replace an F with PH or write a word phonetically (e.g., utoob for YouTube).
  • Create a sentence such as "I like to drink beer in the sun!", change up the case, and convert it to Il2dBitS!

Never use your SJSU password for anything else; the system is not as secure as it should be.

April 9

There is a security flaw that affects all SSL (secure) website access that has just become public. We recommend that you avoid conducting online banking and similar critical activities for as long as feasible. Major websites should have the flaw fixed in a few days.

Stay tuned to COMM Central for further updates.

'Heartbleed Bug' puts Web security at risk

A vulnerability in the OpenSSL program could compromise encryption on much of the Internet, putting passwords and data at risk. Experts say now is not the time for online banking.