Skip to main content

Duke Responds To Online Security Issue

NetID web servers not impacted by vulnerability

National media coverage about a flaw discovered this week in one of the Internet's key security methods has raised questions about the potential vulnerability of information on Duke's systems.

The web servers that handle Duke NetID and password authentication were not impacted by the vulnerability, and there is no indication that any Duke sites were compromised, said Richard Biever, the university's chief information security officer.

Read More

Duke IT staff have been working with departments across campus to update security measures on Duke websites and servers in response to the issue discovered with the "OpenSSL" security protocol, which up to two-thirds of all websites rely on for securing online information."We urge all Duke users to subscribe to Duke's multi-factor authentication service as a further protection for their personal data and Duke account, and consider using two-factor authentication for popular services like Google, Facebook and Evernote," Biever said. "In the meantime, we are advising users to be careful about what sites they visit."Instructions for setting up multi-factor authentication are available online.For more information about the OpenSSL vulnerability and how to protect yourself, visit the Duke IT Security Office website.