{"290131":{"#nid":"290131","#data":{"type":"news","title":"Tech\u2019s Main Systems Not Compromised by Heartbleed","body":[{"value":"\u003Cp\u003EThis week\u2019s Heartbleed web security vulnerability had users of numerous popular websites scrambling to change passwords. Thankfully, none of Georgia Tech\u2019s significant systems were affected.\u003C\/p\u003E\u003Cp\u003E\u201cAs soon as we became aware Monday, we did a scan of all our campus systems,\u201d said Jimmy Lummis, cybersecurity policy and compliance manager in the \u003Ca href=\u0022http:\/\/www.oit.gatech.edu\u0022\u003EOffice of Information Technology\u003C\/a\u003E. The scan reported 120 unique IP addresses as being vulnerable. After five days of patching by OIT employees across campus, that number is now fewer than 30.\u003C\/p\u003E\u003Cp\u003EBecause Tech\u2019s main systems were not affected, most users do not need to worry about changing their Georgia Tech login passwords \u2014 with a few exceptions.\u003C\/p\u003E\u003Cp\u003E\u201cWhere I would be concerned is if users are using the same password for Georgia Tech as they are with other websites or systems,\u201d Lummis said. He advised those users to change both passwords as a security measure.\u003C\/p\u003E\u003Cp\u003E\u201cThe other important thing to remember is that just because a site was vulnerable to Heartbleed, it doesn\u2019t mean people got ahold of your information,\u201d Lummis said. \u201cAll someone would get from exploiting Heartbleed would be a segment of memory stream for a particular process, which may or may not have any authentication information.\u201d This differs from other types of security breaches in which large volumes of names, personal information, and credit card information are compromised.\u003C\/p\u003E\u003Cp\u003EOIT continues to run periodic scans to monitor systems as they are patched. Firewalls will block anything attempting to launch the Heartbleed vulnerability against any of Tech\u2019s systems. For external sites, Lummis advised users to find out if the site has been patched before changing their passwords, or else they\u2019ll have to be changed a second time.\u003C\/p\u003E\u003Cp\u003EFaculty and staff can also consider using \u003Ca href=\u0022http:\/\/lastpass.com\u0022\u003ELastPass\u003C\/a\u003E, a password management tool for which \u003Ca href=\u0022http:\/\/oit.gatech.edu\/lastpass-faq\u0022\u003Ethey can get a license from OIT\u003C\/a\u003E. This tool was not vulnerable to Heartbleed, and in security breach situations it can notify users on which accounts passwords should changed.\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EThis week\u2019s Heartbleed web security vulnerability had users of numerous popular websites scrambling to change passwords. Thankfully, none of Georgia Tech\u2019s significant systems were affected.\u003C\/p\u003E\u0026nbsp;","format":"limited_html"}],"field_summary_sentence":[{"value":"Most users do not need to worry about changing their GT login passwords \u2014 with a few exceptions"}],"uid":"27299","created_gmt":"2014-04-11 14:24:26","changed_gmt":"2016-10-08 03:16:11","author":"Michael Hagearty","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2014-04-11T00:00:00-04:00","iso_date":"2014-04-11T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"290141":{"id":"290141","type":"image","title":"Heartbleed Bug","body":null,"created":"1449244274","gmt_created":"2015-12-04 15:51:14","changed":"1475894986","gmt_changed":"2016-10-08 02:49:46","alt":"Heartbleed Bug","file":{"fid":"199210","name":"p.txt_.png","image_path":"\/sites\/default\/files\/images\/p.txt__0.png","image_full_path":"http:\/\/tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/p.txt__0.png","mime":"image\/png","size":5001,"path_740":"http:\/\/tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/p.txt__0.png?itok=cVqmkNwU"}}},"media_ids":["290141"],"related_links":[{"url":"http:\/\/heartbleed.com\/","title":"Heartbleed Bug"},{"url":"http:\/\/blog.lastpass.com\/2014\/04\/lastpass-and-heartbleed-bug.html","title":"LastPass and the Heartbleed Bug"},{"url":"http:\/\/oit.gatech.edu\/directorate\/information-security","title":"Georgia Tech OIT Information Security"}],"groups":[{"id":"1214","name":"News Room"}],"categories":[{"id":"129","name":"Institute and Campus"}],"keywords":[{"id":"91421","name":"heartbleed"},{"id":"2678","name":"information security"},{"id":"4112","name":"oit"},{"id":"91431","name":"password"}],"core_research_areas":[],"news_room_topics":[{"id":"71871","name":"Campus and Community"}],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003E\u003Ca href=\u0022mailto:kristen.bailey@comm.gatech.edu\u0022\u003EKristen Bailey\u003C\/a\u003E\u003Cbr \/\u003EInstitute Communications\u003C\/p\u003E","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}