On April 7, 2014, researchers disclosed a vulnerability in a technology called OpenSSL that powers encryption across much of the Internet. The vulnerability is commonly known as the “OpenSSL Heartbleed Flaw.” Upon notification of the vulnerability, ITD leveraged its Intrusion Detection/Prevention infrastructure as the first line of defense to block exploit attempts that matched known threat signatures. In addition, all related systems hosted with ITD were patched and issued new SSL certificates.

Although there is no reason to believe that any part of our infrastructure has been improperly accessed due to this vulnerability, as a matter of best practice, ITD is requiring that state users change their NDGOV Active Directory credentials on Wednesday, May 7, 2014 between 10:00-11:00 AM.

Please contact the Service Desk for further assistance.