Heartbleed bug squashed on TRU websites

No need for TRU students to change their passwords, but other sites may be affected

Sean Brady, Copy/Web Editor Ω

TRU IT services has taken action against the Heartbleed bug, a vulnerability exposed on April 7 that may lead to private data being exposed by secure websites.

The bug affects any website running a vulnerable version of OpenSSL, a piece of software used to encrypt communications between a user and a web server.

Brian Mackay of TRU IT services said via email that none of TRU’s websites were affected because, while some sites did use OpenSSL, the version they were running was not among those vulnerable.

He said that there is no need for TRU students to change their passwords on TRU websites, though he did recommend that students look over a list of affected websites, just in case password changes are needed elsewhere.

In an email addressed to the TRU community, Mackay said “TRU is treating this bug very seriously and has identified and fixed all internal TRU systems.”

The Heartbleed bug became publicly known on April 7, but it’s not clear how long others have known about it. The vulnerability itself has existed since December 2011, though it has only affected most servers since March 2012, according to the The Heartbleed Bug website.

Mackay recommended using a Heartbleed test website. You can click here to test the myTRU portal website (mytru.tru.ca) yourself.

For technical information on the issue, visit http://www.heartbleed.com