UPDATE: IT winding up work on ‘Heartbleed’ bug

The Division of Information Technology at Western Carolina University has completed its work to mitigate the potential risk to campus computing systems because of a significant Internet security bug known as “Heartbleed.”

The Division of IT sent communications to WCU students, faculty and staff last week regarding appropriate measures, including the changing of passwords, which should be taken to ensure the safe usage of campus computer resources. Effective Monday, April 28, students, faculty and staff were required to change their passwords in order to access campus computer systems.

The majority of key campus computing systems were not affected by the bug. The IT division has conducted a detailed assessment of all campus sites and systems and has applied necessary fixes to those at risk from the bug. IT staff will continue to monitor the situation as the spring semester winds to a close, but no further problems are expected.

Additional information will be provided if it becomes necessary.
Work goes on to mitigate ‘Heartbleed’ risk

UPDATE: April 16, 2014

The Division of Information Technology at Western Carolina University continues to work to mitigate the risk of a significant Internet security bug known as “Heartbleed” on campus computing systems, and will be issuing communication soon to students, faculty and staff regarding additional measures, including the changing of passwords, to ensure the safe usage of campus computer resources.

IT staff members have determined that the user IDs and passwords of parents and authorized users of accounts on behalf of current and incoming students are not affected, so there is no need for them to change passwords or take further actions.

The majority of key campus computing systems are not affected by the bug. The IT division is in the process of completing a detailed assessment of all campus sites and systems and is applying necessary fixes to those at risk from the bug. It is a time-consuming, multi-step process as each system must be assessed in conjunction with vendors and providers because of the nature of the Heartbleed bug, said Craig Fowler, WCU’s chief information officer.

Additional information will be provided as it becomes available.
IT assessing impact of ‘Heartbleed’ computer bug

POSTED: April 11, 2014

The Division of Information Technology at Western Carolina University is working to fully assess the impact on campus computing systems of a significant Internet security bug known as “Heartbleed,” which could affect the personal information of Internet users across the United States.

Heartbleed is an Internet bug that affects a piece of technology (OpenSSL) used by many online services to secure sensitive information while submitting it on a website. Because of a flaw in the technology, the sensitive information, including usernames, passwords and credit card numbers, could be compromised while the information travels from a person’s computer to the website.

At Western Carolina, IT staff members have determined that the majority of key computing systems used on campus are not affected by the Heartbleed bug, including Banner, MyCat and Blackboard. In addition, the online systems used for Banner special payments, CatCash deposits, tuition payments, and tuition and housing deposits are not affected by the bug.

The IT division is implementing system updates and continuing a process to fully assess campus computing resources and make changes as needed to mitigate the risk to the university. Additional updates will be posted to this website as they become available.

Frequently Asked Questions

Q: Do I need to worry about my personal or financial information related to the university, or that of my student at WCU, being compromised as a result of Heartbleed?

A: The financial, employee and student information systems used on campus, including financial online payment systems, are not affected by this bug. You can make housing and tuition deposits, add money to your CatCash account and pay tuition bills without worrying about Heartbleed. In addition, for faculty, staff and students who log into various computing resources using their personal campus identification number (also known as their “92 number”), those systems also are not affected; nor is the campus system used for student health records.

Q: Should I change my password?

A: Not yet. Although many media reports are advising people to change passwords, WCU’s IT staff is not suggesting campus users change their WCU passwords at this time. When changing passwords, timing is important. Passwords should be changed after IT has made the necessary system changes to eliminate the Heartbleed risk. If campus users change passwords before the risk is eliminated, they will have to change passwords again after the risk is eliminated. IT will provide further written guidance in the near future about when campus users should make password changes. As a reminder, IT will never ask you to confirm account information, such as username and password, through e-mail.

Q: How can I tell which sites are affected?

A: Numerous media outlets are posting information about what sites are affected and what sites are not. CNN has a good site, which it indicates will be updated as additional companies respond.

Q: I still have concerns. Who can I call?

A: If you have questions about Heartbleed and campus technology, contact the IT Help Desk at (828) 227-7487.