• ITS home
• Help
• Services
• My IT account
• Security
• About

Heartbleed security warning

Posted: Wed 9 Apr 2014, 1:24pm.

There has been widespread concern in the media in the last few days about a security vulnerability on some websites. Sussex websites and services are not affected by this issue but all users of websites and services should be aware of it as you may be vulnerable when using some external web pages.

The security bug, known as heartbleed, exploits a weakness in some of the security software that is designed to protect websites. Sites using a particular type of security protection could, under some circumstances, make confidential user information available to hackers, including login passwords.

Before logging in to external web sites, including personal webmail or online banking, you should check with your providers to make sure they are not affected by this issue. If you use the same password for personal and Sussex logins, you should also change your Sussex password to make sure it is not exposed as a result of security weaknesses on other sites.

None of the public-facing services at Sussex are affected by this bug. Some IT internal systems were potentially vulnerable but were quickly updated to remove the loophole. Further analysis is also underway to double-check that no other systems are likely to be affected.