Wednesday, 9 April 2014

University IT and the Heartbleed bug

heartbleed logoYou may have seen news reports of a new IT security vulnerability dubbed 'Heartbleed'.  For example this BBC News story.

The software with the problem is very widely used and many internet services have been affected.  Some University systems also use this software and have therefore been potentially open to attack. These were updated or protected as quickly as possible once this vulnerability was made known.  

It is not known whether anyone has used this exploit to gather University passwords, so we are not currently advising you to rush to change your University password. However it is easy and good practice to change your password - especially if you are concerned or are using the same password elsewhere.

In response to this vulnerability some companies and websites are advising their customers to change their passwords, in these cases it would be prudent to follow their advice, but do watch out for opportunistic phishing attempts and always go direct to the University or company website; do not click links in emails.

We will issue another bulletin if we need to update or change this advice.  As always, should you suspect that your university account has been compromised you should change your password straight away, and contact our Helpdesk on x21111.