Changing your password: a question of good IT practice
10.04.14 - It’s vital to get into the habit of changing your password regularly. The security flaw “Heartbleed” – a bug in OpenSSL – provides an opportunity to become more disciplined in this respect.
On Tuesday 8 April 2014, the mass media announced the existence of the “Heartbleed” security flaw. This bug affects the Open SSL protocol, which is used on line to encrypt web traffic. It could thus impact, according to certain estimates, half the web servers worldwide.
According to the free newspaper 20 minutes:
“This problem is the result of a design fault that allows an unauthorized party to get access to the data. Basically, the ‘Heartbleed ’ query checks that the connection with a server is still active, a bit like the ‘ping’ function. However, in adding some parameters, instead of responding to a simple ‘ping’, the server releases data stored in its memory (RAM) – login details, password, debit card details) etc. Worse, the encryption keys used by the site can also be obtained.”
The problem has been fixed, and a patch was deployed on Monday (April 7, 2014) during the evening. All Web administrators must now update their servers to the most recent version – OpenSSL 1.0.1g – and change their certificates.
Has EPFL been affected?
This security flaw also concerns the EPFL servers. The School’s IT services have already done everything required to resolve the problem, that is:
• Updating of all those servers that use port number 443 (HTTPS) with version 1.0.1g of OpenSSL
• Changing of the server certificates (which may have been spoofed)
In addition, to protect your EPFL user account, we require that you change your password (that is, the well-known password Gaspar , gaspar.epfl.ch).
This step will guarantee that potential hackers who may have been able to steal passwords are not able to connect to your IT account and access your data.