A software bug called Heartbleed that affects certain popular versions of OpenSSL is rapidly being exploited. OpenSSL provides encryption and authenticity services on the Internet and web. System Administration in ITS at SUNYIT became aware of the issue on Tuesday, April 8, 2014. The affected systems were rapidly patched and all systems under ITS control should be secured against the vulnerability.

The vulnerability allowed malicious users to send carefully crafted requests which would result in exposure of fragments of system and server running memory. While ITS has no evidence that SUNYIT was compromised or any information was exposed, they will be taking a proactive approach.

On Monday, April 14, System Administration in ITS will begin work to replace potentially compromised SSL Certificates. This maintenance may cause intermittent outages of various services on campus, but we do not expect major downtime or interruptions. If you notice any issues, please report them to the Helpdesk at helpdesk@sunypoly.edu or by phone at 792-7440.