Information Regarding the Heartbleed Bug

Good Morning All,

You may have recently heard about the “Heartbleed” security bug that has affected the Canada Revenue Agency’s website and other sites around the world. Take a look below to find out how we’re dealing with the issue at Trent and what it means for you.

What is the situation?

Heartbleed is a security bug or programming error in many versions of “OpenSSL.” OpenSSL is software code that is used to encrypt and protect things like passwords and other information that hackers could use to enter into secure websites. OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are affected. The vulnerability created by Heartbleed means that individuals on the Internet can decode and read previously protected sensitive information on compromised websites.

What’s happening at Trent University?

IT has completed scans of our servers and have identified three minor issues. These problems have been rectified and we can report that no data breaches have been identified.

I am running my own server. Am I affected?

If you are a researcher or department running your own server on the Trent network, you can do a test yourself (check "do not show") to see if your website has been affected. If you find a Trent website that has been affected, please let the IT Service Desk know immediately by contacting it@trenu.ca.

How can I learn more about Heartbleed?

If you are curious and would like to learn more about Heartbleed, you may want to check out the website set up by the researchers who discovered the issue.