- Up to
Heartbleed Security Vulnerability
April 21, 2014
A widely reported critical security flaw, called “Heartbleed,” was discovered that put much of the Internet’s security infrastructure at risk. The vulnerability is a developing threat worldwide. One possible consequence of this flaw is that attackers can easily steal information exposed on vulnerable websites and systems. Systems you may use on campus as well as outside of campus in your professional or personal life may be at risk. Some websites and Internet services not associated with the campus have already fixed this vulnerability, and for others, it will take longer. For password assurance of your online accounts with other businesses, please follow the instructions from the company websites you visit.
Impact on California State University, Bakersfield Systems
This vulnerability could have allowed a knowledgeable attacker to retrieve some NetIDs and passwords used to login to the CSUB wireless network. Our wireless system had this vulnerability for a short window of time and is now secured. This vulnerability did not affect the CSUB+ wireless network. IT staff are reviewing campus systems and applying available patches as appropriate. IT staff will continue to monitor for potential impacts and notify individuals as needed.
Those who accessed the CSUB wireless network between February 5, 2014 and April 10, 2014 should take the suggested action below and change their NetID password. Direct email notifications have gone out to those who accessed this network.
Though we have no evidence of malicious behavior, we urge users to change the password to their NetID account using the following directions:
a. Go to my.csub.edu
b. Under the “Need Help” section, please click “Change my password.“
c. When prompted, please enter your NetID and select “Begin”, type your old password, type your new password twice, and then click the “Change password” button.
Campus faculty and staff must follow the campus password policy below.
• Not contain the user's account name or parts of the name that exceed two consecutive characters
• Be at least eight characters in length
• Contain characters from three of the following four categories:
Uppercase characters (A through Z)
Lowercase characters (a through z)
Numbers (0 through 9)
Non-alphanumeric characters (for example, !, $, #, %)
After you've changed your password, any program that has the old password saved will prompt you for the new password the next time you use it (e.g. web browsers, email clients, wireless access, etc. whether on your workstation or smartphone or tablet).
For additional assistance, contact the Helpdesk at 654-2307.