Critical Web Vulnerability Announced: Heartbleed

A major flaw in the security software used by millions of websites has been identified, affecting services such as banks, email, and social media. The vulnerability known as Heartbleed has the potential to expose user names and passwords, the content of communications, and users’ data to anyone who knows how to exploit the weakness. This does not necessarily mean that your information has been stolen, but it may be vulnerable to theft until a fix is applied to affected websites.

Currently, only a few systems on the University network have been found to have this vulnerability, and Information Security Officers have assessed the University’s risk as low. Staff in University IT and Information Systems Division have been working to identify any vulnerable sites at the University and assist where needed to apply the fix.

What You Should Do

Experts recommend users change the passwords for all of their online accounts to protect themselves from this vulnerability. For University accounts, you should change your passwords regularly, using the password guidelines on MyIdentity or the guidelines provided by the Medical Center.

Before changing your passwords, it is important to verify that the website is not still vulnerable to this security flaw. You can easily check if a site is secure by entering the site’s URL on http://filippo.io/Heartbleed.

If you have any questions concerning this vulnerability, contact your IT support staff or University Help Desk:

  • University IT:  275-2000
  • Information Systems Division:  275-3200

Further Reading