Heartbleed SSL Vulnerability

On Monday, April 7th, the internet community became aware of a security flaw in a very common technology used to secure communication between clients and servers, known as OpenSSL. The nature of this bug means that for many months malicious attackers could have been capturing encrypted traffic that we all thought was well secured.

As soon as a patch was available (late Monday night April 7th for most Chico State systems) staff patched affected systems.  Intensive efforts to verify that all campus servers affected by the Heartbleed bug have been patched has been underway over the last two weeks.  On the slim chance that CSU, Chico secure communication may have been captured, all SSL certificates on affected systems have been replaced.

While we do not believe that there is any evidence that campus accounts have been compromised, users of campus systems are encouraged to change their passwords by visiting the following website:  www.csuchico.edu/itss/passwords-accounts/.

Protect Yourself

It is highly recommended that individuals change their passwords on all external party accounts such as Facebook, Instagram, Pinterest, Tumbler, Google/Gmail, Yahoo, Netflix, YouTube, Box or Dropbox. Do not use the same account and password on multiple sites, and NEVER use your Chico State password on any external system.