Heartbleed Security Vulnerability

April 10, 2014

To: UCOP Community
From: IT Service Desk
Subject: Heartbleed Security Vulnerability

Many of you have heard about the “Heartbleed” computer security vulnerability, which affects a large number of websites. Basically, there was a security flaw in the encryption software (Open SSL) used to secure transmission of confidential data to these sites. As a result, the data, including passwords, are potentially at risk. A software update has been issued to fix this vulnerability. ITS is reviewing our systems and will quickly take appropriate action to mitigate the threat. Currently, none of the potentially affected systems are directly exposed to public access.

As of now, you do not need to change any UCOP passwords or take any other steps related to UCOP systems. The IT Service Desk will notify users if any actions are required at a later time.

You may be hearing in the media that you should change the passwords on all your personal accounts. Generally, it’s advisable to check first whether the business or organization has updated their website before you change your passwords; many organizations are posting helpful information on their sites. Please make sure any password you use for an external website is not the same as your UCOP password.

Events like this may trigger an increase in phishing attempts, in which thieves attempt to steal account and password information. Keep in mind the following:

  1. No one at UCOP or any UC location will email you to request your username or password.
  2. Do not click on any link in any email suggesting that you need to change your password, even if the sender appears to be legitimate. Use your browser to go to the sender’s main website for more information or to change your password.

If you have any questions, please contact the IT Service Desk at 987-0457 or servicedesk@ucop.edu.