An Internet security flaw called “Heartbleed” has been featured in the news recently. UChicago IT Security has provided the following answers to some questions campus users may have:
What is “Heartbleed”?
Heartbleed is a software security flaw in one of the most common security protocols used on the Internet. The flaw makes sensitive information vulnerable to exposure or theft. This flaw put many websites at risk around the world, including major businesses and social media websites. Some websites at the University of Chicago may also have been vulnerable.
What information may have been stolen?
While there is no evidence of a breach actually occurring, the flaw could allow information such as passwords, emails, instant messages, and credit card numbers to be exploited.
What is being done to resolve this issue?
UChicago IT Security is working with IT professionals across the University to identify and remediate vulnerable websites. Centrally operated services are not vulnerable.
What can I do to address this problem?
Unfortunately, there isn’t any action you can take at present. The administrators of vulnerable services need to update their software in order to protect users. However, once the vulnerable sites have been remediated you should change your passwords. Site providers will send you information, clearly identifying themselves and spelling out action steps, if changes are recommended.
Please keep in mind that phishing attacks—in which outside parties attempt to get access to you private information—frequently occur when vulnerabilities are discovered. DO NOT FOLLOW LINKS to change passwords pasted in emails.
What can I do to prevent things like this in the future?
All website users are encouraged to change their passwords regularly and to not use the same password for multiple sites These measures alone can help avoid breaches of personal information.
For questions or more information, please contact IT Security at security@uchicago.edu.