Canvas & Heartbleed

Wondering about "Heartbleed", the Open SSL bug as it relates to Canvas at UMW? Last week we received an advisory from Instructure of the vulnerability and the steps their security team were taking to secure communication and privacy within the LMS. A patch was applied, SSL certificates, keys and admin resets were secured to protect against possible session hijacking. Additionally, Instructure outlined processes and provided information about addressing concerns with integrations such as with Banner, our SIS. As a secondary precaution, it is advised that users who have installed  LTIs in their course, take the precaution of changing those passwords to secure your integration as well. Here at UMW, similar steps were also taken on our network and users were advised to change their UMW password. If you have not yet done so, please visit password.umw.edu to change your password. Since your Canvas password is the same as your Eaglenet password, you will not need to take any further … [Read more...]