There has been much in the news recently about the discovery of an internet security issue known as “Heartbleed,” a serious vulnerability that affects almost every site, service, and application connected to the internet.
A solution to the problem was created almost immediately by the people who discovered it, and the fix was released publicly along with the announcement of the problem.
The diocesan communications team has analyzed diocesan internet activity and found there is no evidence of any data compromises or breaches of security.
However, in order to be totally safe, all people with email or other accounts through the diocese are required to change their passwords immediately. This includes all people with an edotn.org email account.
To change your password on your edotn.org account, click on your email address at the upper right hand corner of your mailbox page.
Click on “account” in the box that appears.
Then click on “security” and then on “change password.”
There is no evidence that PayPal was vulnerable to this bug. No one’s credit card or other payment information is at risk through the diocesan PayPal account.
Based on news reports of responses to this problem, here are suggestions and recommendations for individuals and parishes.
- Change all passwords, for all online accounts, for all services. All of them, no exceptions.
- Use good password practices:
- Use strong passwords.
- Use different passwords for each site.
- Do not email your passwords to yourself or other people.
- Help and guidance concerning secure passwords can be found:
- http://en.support.wordpress.com/selecting-a-strong-password/
- http://windows.microsoft.com/en-us/windows-vista/tips-for-creating-a-strong-password
- http://www.pcmag.com/article2/0,2817,2368484,00.asp
- Watch personal bank, credit card, and other financial accounts for evidence of problems and contact those companies if anything seems unusual.
- Pay attention to security updates and communications from personal service providers. Follow their advice.
For more information about the this bug in particular and the nature of internet security, we have prepared a more detailed and in-depth explanation which can be found here.
The communication team is working to fully upgrade all of the software which powers our website, even though we don’t think any of it is directly vulnerable to the bug. This may cause some downtime or delays in service for the next few days.