April 11, 2014
The “Heartbleed Bug” is a serious flaw in one of the tools used to secure the Internet. The tool, called OpenSSL, is used when you log in to social media, check a bank statement, or make an online purchase. Because of the OpenSSL flaw, the Heartbleed Bug allows an attacker to steal information such as usernames, passwords, and other information typed on compromised websites.
Extra caution should be used when you’re online until the affected websites and computers are fixed (or “patched”). There is a valuable list on CNET identifying websites that have been patched and which ones recommend a password change.
Be alert to “phishing” attempts that take advantage of Heartbleed. It is very likely that you’ll receive email pretending to be from major websites warning you to change your password. A fake link will be provided to go to–which instead will steal your password! If you want to change your password, do not click on a link in an email, but instead enter the website URL directly into your Internet browser.
At this point, there is no evidence that UF passwords or campus-wide systems (e.g., myUFL, ISIS, e-Learning) have been compromised. Anyone who suspects their password has been used without their permission should contact the UF Computing Helpdesk (352-392-4357/HELP, firstname.lastname@example.org, 132 Hub).
On April 10, UF’s Chief Information Security Officer emailed the campus IT community about the Heartbleed Bug’s impact. That message is available on the Information Security website. Please email the Information Security Office if you have any additional questions.