Information Technology Services is informing the campus community about a recent security bug with Cloudflare and its potential impact.
Security researchers from Google’s Project Zero uncovered a critical bug in Cloudflare, a content distribution service used by many large websites, which allowed sensitive data — like passwords, cookies and encryption keys — from many popular sites to leak online. If you use one of the sites hosted by Cloudflare it is strongly suggested you change your passwords on those sites. Links to these sites are included at the end of this message.
More information on Cloudbleed, which this bug has been named, can be found here: http://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616
Should I Change My Highline Password?
Highline does not use Cloudflare directly, however some mobile apps that you might use to connect do, such as Exchange for iPhone. If you check your Highline email on an iPhone or iPad with the Exchange App, it is strongly suggested you change your password. Note: this is only for Faculty/Staff with @highline.edu email addresses. Students with @students.highline.edu are not affected.
Lists of sites possibly affected by Cloudbleed are available here: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
Mobile Apps possibly affected are listed here: https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps/
If you need assistance with changing your password, please contact the Help Desk at ext. 4357 (206-592-4357), email helpdesk@highline.edu, submit a ticket online at helpdesk.highline.edu, or visit the Help Desk in Building 30.