Protecting KU alumni

Posted on Apr 10, 2014 in Alumni News, Campus News, and News

In response to the news this week about a massive Internet bug, the following update was shared with KU Alumni Association employees by email. In the spirit of transparency and our ongoing commitment to protect the privacy of alumni data, we wanted to share this update with alumni, from David Johnston, director of Internet services and marketing.

Good morning!

Some of you have seen news this week about “Heartbleed,” an Internet bug that exploits a common encryption tool called “OpenSSL.” Although the vulnerability has existed since December 2011, it made headlines Tuesday. Two days later, most providers have already addressed the issue.

We are fine.

Were we ever affected? It is impossible to know for sure, but our best defense is to stay current with software updates and change administrative passwords regularly. At some point we could have had the flawed version before the loophole was detected and patched with an update in April 2013, but we currently have the up-to-date version that corrects the flaw. To safeguard against attacks, we are diligent in following industry best practices. For example, last summer Webmaster Mike Wick recommended that we change our web hosting provider to industry leader RackSpace for greater support, security and speed. It was prioritized in the budget, and the transition went smoothly. That investment has paid off.

For those curious, our online presence is hosted primarily in two ways, through our online community vendor iModules and a managed private server with RackSpace. iModules, which connects to our private alumni data, uses a different secure protocol, so iModules was not affected by Heartbleed at all. The rest of our web pages, event registrations and membership forms are currently hosted at RackSpace. RackSpace is safe, and none of their related network devices were impacted. The OpenSSL we use is current and updated.

We will remain diligent and monitor situations like this that could potentially affect us and keep you posted. More information is below, and if you have any questions, feel free to ask me, Mike Wick or John Stockham anytime. NOTE: It is generally a good idea for users to change passwords regularly, but we have not been instructed to do so in response to Heartbleed, yet. We’ll let you know of any new developments.

David

iModules announcement re: Heartbleed

Wall Street Journal article describing Heartbleed

New York Times Tech Blog guidance on passwords (thanks Lazz)

David Johnston, j’94, g’06
Director of Marketing & Internet Services
KU Alumni Association
785-864-4760
785-864-5397 fax
www.kualumni.org

Everything We Do Strengthens KU

Tags: , , , , ,