Meloria • Ever Better
Search Tools Main Menu

Critical Web Vulnerability Announced: Heartbleed

A major flaw in the security software used by millions of Web sites has been identified affecting services such as banks, email, and social media. The vulnerability, known as Heartbleed, has the potential to expose usernames and passwords, the content of communications, and users' data to anyone who knows how to exploit the weakness.  This does not necessarily mean that your information has been stolen.  Your information may be vulnerable to theft until a fix is applied to affected Web sites.

Currently, only a few systems on the University network have been found to have this vulnerability, and Information Security Officers have assessed the University's risk as low.  Staff in University IT and Information Systems Division have been working to identify any vulnerable sites at the University and assist where needed to apply the fix. 

What You Should Do

Experts recommend users change the passwords for all of their online accounts to protect themselves from this vulnerability.  For University accounts, you should change your passwords regularly, using the password guidelines on MyIdentity (https://myidentity.rochester.edu) or provided by the Medical Center at https://sites.mc.rochester.edu/information-systems/get-help/account-and-systems-access/resetchange-passwords.

Before changing your passwords, it is important to verify that the web site is not still vulnerable to this security flaw.  You can easily check if a site is secure by entering the site's URL on

http://filippo.io/Heartbleed/

Further information about this vulnerability can be found at:

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/heartbleed-what-you-should-know/?tid=pm_pop

If you have any questions concerning this vulnerability, please contact your IT support staff, or University Help Desk:

University IT                               275-2000

Information Systems Division       275-3200