10 Apr 14 HeartBleed OpenSSL Bug

Please see this article from The Wall Street Journal at http://online.wsj.com/news/articles/SB10001424052702304819004579489813056799076  for a description of the bug.

Check of ALA Onsite Services

We have checked all onsite services at ALA for this bug and found only one vulnerable service which was never exposed to the Internet.  This server has been patched. This means no ALA member data or passwords have ever been at risk due to Heartbleed.

Check of Hosted Services

ALA hosted email (owa.ala.org), ALA Connect, and services on Dreamhost are not vulnerable.

Personal services that you use on the Internet:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ has a pretty good list of affected sites and recommendations on when to change passwords.

Sherri Vanyek

Director, Information Technology & Telecommunication Services
____________________________________________________