Center for Information Technology Services

UMB Responds to the April 2014 OpenSSL (“Heartbleed”) Vulnerabilityheartbleed

A major security vulnerability named “Heartbleed” was discovered by Internet security experts on April 7 and has potential to impact all Internet use between users’ computers and servers that use Open SSL (Web pages that start with https). Estimates are that more than two-thirds of all websites on the Internet that use Open SSL encryption may be affected by this vulnerability. The security vulnerability permits the theft of some information including user ID and passwords, in addition to any information shared between the user and the server that would normally be protected during the session.

Since Tuesday morning CITS and IT administrators for UMB schools and departments have been evaluating servers and have patched all major web services impacted by the “Heartbleed” bug. IT staff are also updating all of the digital security certificates used to validate server traffic.

What should you do?

  • See if there are sites you use that require an immediate password update by checking out http://mashable.com/2014/04/09/heartbleed-bug-websites-affected 
      
  • Use unique passwords for each of your online accounts. If you have used the same password for multiple accounts, after you are certain the sites have been patched, change your passwords on those accounts to unique passwords.
       
    It’s especially important to use separate passwords with accounts like email and online banking. If a criminal gains access to one account, all of them can be compromised. To keep track of your passwords, consider using a password manager such as KeePass, mSecure, LastPass or 1Password. See http://en.wikipedia.org/wiki/Password_manager for more information about password managers.
       
  • Test a site to see if it is still vulnerable by going to https://www.ssllabs.com/ssltest and typing in the site’s URL. 
     
  • Look out for phishing schemes that will likely play off of this bug. Do not click on suspicious or unknown links in email. Play it safe - type the link directly into your Web browser or navigate to it from a known safe website. For instance, to access the myUMB Portal, type in myumb.umaryland.edu or select it from the menu at the top of the umaryland.edu site.  

If you have questions, please contact the UMB Help Desk at help@umaryland.edu or 6-HELP (6-4357).