The vulnerability exists in the technology that establishes an encrypted connection between Web servers and browsers called OpenSSL. Many sites and systems across the Internet use OpenSSL, affecting the severity of this vulnerability.
Information Technology Services (ITS) has received notification from many of our providers stating that they have either already dealt with the vulnerability or are not impacted. At this time, no ITS-managed systems have been found to be vulnerable. ITS is not aware of any universities that have been specifically targeted using this vulnerability. However, ITS will continue to monitor sites and systems to determine whether this vulnerability has had any impact on SLU services.
Vendors are currently releasing patches to mitigate this vulnerability. Please consult with your software or system vendor to confirm that they have addressed this vulnerability. If you need help checking for this vulnerability on a server that you manage, remediating this vulnerability, or checking a vendor's web application, please contact ITS Information Security Team at firstname.lastname@example.org.
Please continue watching for fraudulent email claiming to be from the University or from companies with which you do business, as criminals will undoubtedly take this opportunity to create targeted phishing email messages to trick people into divulging their passwords. Be on the lookout for sites that claim to tell you whether your site or your information has been compromised, especially if they demand personal details, login credentials, or payment.
Some additional information on this issue can be found here: