For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

SSL Heartbleed Flaw

April 10, 2014

Concerning the recently-discovered SSL Heartbleed flaw, we can confirm that the major systems managed by the Office of Information Resources and Technology (IRT) were not vulnerable. However, non-IRT systems might be affected.

If you doubt the security of Web sites you use and wish to change your sign-in credentials, know that you might need to change them again in a few days once those outside sites confirm that they have been secured. We recommend using longer but easier to remember passwords rather than short, complicated ones.

More information about Heartbleed can be found on Engadget's Web site. More advice for protecting yourself from the flaw and creating strong passwords can be found on LATimes' Web site. For a listing of popular Web sites that are and are not affected, see this article on Mashable.

See the below table for affected and non-affected systems:

Secure Systems and Services Vulnerable Systems and Services
Banner Maximus—now repaired
DrexelOne Jenzabar—now repaired
DrexelConnect Non-IRT managed systems
Blackboard Learn
ExchangeWeb  
All Drexel web-based email  
Drexel file shares  
Software.drexel.edu  
Dragonfly and Mantis wireless networks  
Drexel and DrexelMed VPNs  
AskDrexel  
AllScripts  
GE  
Cisco AnyConnect client for iOS devices (iPhones and iPads)