There has been much media coverage of the Heartbleed vulnerability impacting secure web servers worldwide. Here is some information and advice regarding our situation here.
- Heartbleed is a vulnerability in OpenSSL, which is software used to secure financial transactions on the web, such as credit card transmissions in online shopping.
- All UM IT staff who manage servers are taking this very seriously and working to quickly mitigate any problems with University servers.
- ITSS web servers that manage credit card transactions have been checked and are clear of the vulnerability. More than half of UMD web servers did not have the vulnerability, and the remainder are either protected by firewalls or handle very low traffic. ITSS staff are patching all impacted servers.
- Some in the media are calling for password changes, but changing a password in a system that has not been patched might make things worse, because the new password could be exposed through the same vulnerability. You may want to wait for more information before making any wholesale password changes.
- Beware of phishing: Do not click on links provided to you in any notification emails to change your password; there is potential for an increase in phishing scams based on this event. We recommend typing the URL directly (or using a bookmark you've previously saved) to help avoid potential phishing attacks.
- Monitor your credit card statements carefully and watch for transactions that you did not make. Check your provider's web site to see if they have posted information about their status and any recommendations they may have.
- Don't panic, but be vigilant.