Security vulnerability in OpenSSL


[09 April 2014]

On Monday night we were informed of a security vulnerability in OpenSSL. Recent press articles, for example in the Guardian, outline the extent of the problem globally.

Most UNIX-based operating systems and appliances use this software to secure the network traffic between clients and servers. The vulnerability can lead to the compromise of the "private keys" that secure the network communications, and hence to the compromise of communications data (which could include usernames and passwords).

We are in the process of identifying affected servers/services and applying a patch to fix the vulnerability. This requires a restart of the servers, which may mean a brief interruption to services. We will make every effort to inform staff and students of such activity, but given the nature of the problem and the need to do this work as soon as possible, this may not always be possible.

Please check the IT status page for any planned maintenance.

We will prioritise those services which are internet facing and handle particularly sensitive information (e.g. login names and passwords, personal or other confidential information).

If you are not a member of IT Services and have responsibility for managing systems or services which you fear may be vulnerable, then please contact the IT Services Desk.