Heartbleed/OpenSSL Vulnerability - More Info
This is a follow up to our email regarding the recent OpenSSL vulnerability (also known as Heartbleed). This is a very serious vulnerability that allows encrypted information to be stolen, along with the keys to decrypt it.
Due to the nature of this vulnerability, we recommend changing your LawKey and PennKey passwords immediately.
Unfortunately, this change isn’t that simple because many services (such as printers, email, and WiFi) rely on your LawKey and PennKey passwords. After changing your LawKey, you will need to update any device that connects to your email account or network printers.
Reconfiguring Email Accounts on Smartphones
For iOS devices:
- Open settings
- Tap “Mail, Contacts, Calendars”
- Choose your Law School email from the accounts listed, usually titled “Exchange”
- Find the password field and update the password to your new one
(NOTE: There are many different combinations of hardware and version of the Android operating system, so your specific screens and steps may be somewhat different than the ones referenced here. However, the general procedure should be similar)
- Go to “System Settings”
- Scroll down to the “Accounts” section, then tap “Corporate” (on some systems this is called “Corporate Sync”)
- Tap “Account Settings”
- Tap the Law School Exchange account
- Scroll down to the “Server Settings” section and tap “Incoming Settings”
- Update the password field
- Tap “Done”
- Sync the account to make sure the password works
Reconfiguring Network Printers
If you are having issues connecting to network printers, please log off and restart your computer. And if the problem persists after restarting, please email email@example.com.
After updating your PennKey, you will need to reconnect to AirPennNet. To set up AirPennNet:
- Connect to AirPennNet-Help
- Open your preferred web browser. If a page does not automatically load, try to navigate to www.upenn.edu and you should be redirected to a University of Pennsylvania Networking Site.
- Check the box next to “I Accept the Policy” and click the “Start” button
- Depending on your device, either download the XpressConnect app and run it or follow the on screen prompts to connect to AirPennNet.
For a more detailed explanation, please see the University’s configuration documentation.
Other Online Services
If you are curious whether other online services that you use have been affected, this is a useful list of social media sites, banks, email accounts, stores and other services that have been affected and what they have done about it.
If you have any trouble changing your passwords or reconfiguring these services, please email firstname.lastname@example.org.