The Univesity of Texas at Austin

Department of Computer Science

UTCS - System Status

This blog contains news about the status of computer and other systems in the Department of Computer Science at UT Austin. Planned outages, web downtimes, etc. will be announced here.

Please email gripe@cs.utexas.edu with any problems or questions about the content.

RSS

Switch to Tech Staff Updates

CS login:
password:
[<< back]

Heartbleed Phish
By now, you've no doubt heard about Heartbleed. I wanted to give
everyone an update about Heartbleed in relation to our Production
environment. Below you will also find some best practices to protect
yourself from Phishing attempts.

===== HEARTBLEED =====

- Most of our services run on Ubuntu Lucid LTS, and were not
vulnerable.
- Tuesday morning (4/8) our Ubuntu Precise machines (desktops,
cluster, some servers) were all upgraded by staff.
- Tuesday afternoon we scanned the non-production networks for
vulnerabilities, but found none (good job, everyone).
- By Thursday (4/10) the only known vulnerable host on Horatio was
patched. We will continue to monitor all connected hosts.
- All necessary SSL certificates have been reissued.

We urge everyone to change their passwords, both at CS, and elsewhere.

===== PHISH =====

Preying upon the password change hysteria, there has been a marked
increase in phishing attempts. Email is not a secure messaging
system. You should

- never send any password in email, and no legitimate organization
will ever request your password be sent to them in email.
- never enter your username and/or password into a link you were
provided via email without external verification of sites legitimacy.
- never click a link in an email without verification of the actual
URL of the link.
- prefer plain text email over html.
- set your mail client to not load remote images automatically.

===== Change your password =====

To change your CS password navigate to the CS home page. Follow
the link to "UTCS Direct" at the top. On the UTCS Direct page under
"Accounts" you will find the link to "Reset CS Password".

===== Helpful resources =====

The following pages may be helpful to determine if a particular
site has been patched, and it's certificate reissued (a necessary
requirement).

https://lastpass.com/heartbleed/
http://filippo.io/Heartbleed/
https://www.ssllabs.com/ssltest/index.html

We have no affiliation with any of the above sites.

If you have any questions or concerns, please feel free to email
gripe@cs.utexas.edu.


posted by yyz on 04/15/2014 at 01:45PM