Lehigh University logo
Library and Technology Services logo

Important Information Security Update - Heartbleed Bug

Many of you have read or heard about the Heartbleed Bug, a security vulnerability discovered in one of the most commonly used encryption technologies intended to protect our online activities.

How does this affect you?
This vulnerability is widespread and has the potential to compromise your private information, including account credentials. By now many of the affected web servers have been updated, but you should verify this before logging into sites that contain sensitive data such as those for online banking and shopping. Once you have verified that a site is no longer vulnerable, change your password. To check the vulnerability of a site, see the links included in the LTS Heartbleed FAQ at lehigh .edu /security.

What are we doing at Lehigh?
Since Monday, April 7, Library and Technology Services has been patching systems, updating certificates, scanning for vulnerabilities across campus, notifying non-LTS custodians of affected systems, and monitoring suspicious logons.

We will continue to provide updates and recommendations on our security web pages, which are found at lehigh .edu /security.

What should you do?

  • Change your Lehigh password. As with all websites using OpenSSL, there was a period prior to the discovery of this bug, when Lehigh systems were vulnerable. The Lehigh account maintenance page can be accessed at lehigh .edu/ account.
  • Do not use your Lehigh password for non-Lehigh accounts.
  • Make your Lehigh password more secure by selecting a longer, more complex password.
  • Be suspicious of email messages asking you to change passwords, and don’t click links in messages. Instead, go directly to sites by typing the URL directly in your web browser.
  • Remember that Lehigh will not ask you to respond with sensitive information such as passwords, social security numbers or bank account numbers.
  • Apply the latest updates to your work and home computers - and your mobile devices.
  • If in doubt, contact us at the Help Desk (610-758-HELP) or email Information Security (security @lehigh .edu).

Important new security procedures:
Over the next few months, we will be implementing several new procedures to enhance security and validate your identity including:

  • Collecting an external email and/or phone number so that we can contact you in an emergency or to report suspicious activity on your account.
  • Adding two-part authentication for certain services.

To learn more about upcoming enhancements, please see our monthly newsletter, LTS News, and visit our LTS webpages.

Sincerely,

Bruce M. Taggart, Ph.D.
Vice Provost, Library & Technology Services