Kyoto University Library Network

In response to the Heartbleed security vulnerability, Thomson Reuters is
recommending users of Web of Science, EndNote online,
ResearcherID and InCites (Journal Citation Reports, Essential Science Indicators)
to change their password:

------------------
Thomson Reuters is aware of the widely reported ‘Heartbleed’
vulnerability impacting certain versions of the OpenSSL web encryption
program. The vast majority of our business applications do not rely on
OpenSSL for web encryption and do not have exposure to this vulnerability.

Thomson Reuters takes the privacy and security of our customers’
information very seriously and are working to identify and remediate any
servers which may be impacted by an unsecured version of OpenSSL.

While most of our services are unaffected, we identified that Web of
Science uses a version of OpenSSL that may have been vulnerable. We have
taken remediation steps to secure the server.

While there is no evidence that any customer information has been
compromised, we suggest changing your password for Web of Science as a
precautionary measure. Please note: If you are also a subscriber to
Thomson Innovation, Cortellis, EndNote or InCites, which have a shared
password with Web of Science, then this shared password only needs
changing once.

As part of our assessment and remediation efforts, we will continue our
vigilant monitoring programs to protect our customers’ information and
continue to provide updates as appropriate.

Thank you for your attention to this matter.

Tweet