A security vulnerability known as Heartbleed was recently discovered in OpenSSL. OpenSSL is software commonly used to secure web servers, including many web-based services throughout the university.
This vulnerability is receiving a lot of attention, and rightly so given its potentially widespread impact. However, it is important to note that this is a discovered vulnerability, not an attack. In fact, there are no known events at this time where passwords, credit card numbers, or other sensitive data have been compromised due to this vulnerability.
What CU Is Doing
The CU campuses and University Information Systems (UIS) are working together to identify vulnerable systems, including externally hosted servers. As vulnerable systems are found, they are being patched and SSL certificates are being reissued.
What You Can Do
Webmasters and other IT Practitioners:
If you are running OpenSSL versions 1.0.1 through 1.0.1f, we recommend that you update to OpenSSL version 1.0.1g or later as soon as possible, as announced in this security alert.
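One way to check a host against the version range above, as an added example that is not part of the original notice. `heartbleed_status` is a hypothetical helper name, and the version strings shown in the comments are constructed samples of `openssl version` output.

```shell
#!/bin/sh
# Classify an OpenSSL version string against the range named in this notice:
# 1.0.1 through 1.0.1f are affected; 1.0.1g or later is the recommended update.
# heartbleed_status is a hypothetical helper name, not an OpenSSL tool.
heartbleed_status() {
    ver=$1
    ver=${ver#OpenSSL }   # "OpenSSL 1.0.1e-fips 11 Feb 2013" -> "1.0.1e-fips 11 Feb 2013"
    ver=${ver%% *}        # drop the build date            -> "1.0.1e-fips"
    ver=${ver%%-*}        # drop suffixes such as -fips    -> "1.0.1e"
    case $ver in
        1.0.1|1.0.1[a-f])
            echo "affected" ;;       # inside the range given in the notice
        [0-9]*.[0-9]*.[0-9]*)
            echo "not-in-range" ;;   # parsed, but outside 1.0.1 through 1.0.1f
        *)
            echo "unknown" ;;        # not an OpenSSL version string we can parse
    esac
}

# Report on the openssl binary found on PATH, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_version=$(openssl version 2>/dev/null)
    echo "$local_version: $(heartbleed_status "$local_version")"
fi
```

The version string alone can mislead: distribution packages often backport the fix without changing the upstream version letter, so confirm an "affected" result against your vendor's package advisory. The check also covers only the binary on `PATH`, not copies of the library bundled with or statically linked into other software.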
All CU Employees:
Although we are not urging password updates at this time, this is an excellent opportunity to highlight some password best practices:
● Do not use the same password for multiple services
● Change passwords periodically
As with all headline-generating news, there will likely be a rise in phishing email attempts that take advantage of users’ fears of this event. Please use caution and do not click on any link in emails that ask you to change your password.
If the situation proves to be more serious, we will provide additional information on steps you can take to protect yourself from this vulnerability.
If you have any questions, please call the OIT Help Desk at 4-HELP (303-724-4357).