UIT Alert: UIT Security Alert: OpenSSL "Heartbleed" Vulnerability

Current Status

Resolved: UIT Security Alert: OpenSSL "Heartbleed" Vulnerability

Affected Services

No services are affected by this event.

Event Updates

Resolved: UIT Security Alert: OpenSSL "Heartbleed" Vulnerability
April 10, 2014, 10:15 PM

UH Faculty, Staff and Students:

This week a serious computer vulnerability named "Heartbleed" was discovered and announced on national news websites. This flaw gives malicious hackers the ability to steal login credentials and personal data from online services that use OpenSSL. OpenSSL is the most popular software used to encrypt traffic on the Internet, and is used by an estimated 500,000 websites. Examples of "https" websites impacted by Heartbleed include social networking, banking, online retailers and many others.

What is UH Doing?

UIT Security, along with campus information security officers, technology managers and other IT staff, has been working diligently to identify and address all potentially vulnerable UH machines. At this time, we are not aware of any enterprise UIT services affected by this vulnerability requiring campus users to take any action. Administrators of local department resources affected by this vulnerability are working directly with any affected users. UIT Security has verified that the Bank of America payment card processing system used by UHS is not affected by this vulnerability.

What Should You Do?

  • Make sure that your UH username and password are not re-used on any non-UH sites. Many web sites are affected by this bug. Check with the website to determine if you need to reset your password for their site. Facebook, Google, Bing, Pinterest, Instagram and other major websites have posted advisories for their users.
  • Be on alert for increasing phishing attacks related to Heartbleed, which likely will include password reset instructions or advice. Malicious hackers are already taking advantage of the publicity surrounding this issue to steer users to malicious sites.
  • Do not click on links in emails. Type the URL for the website directly into your browser, especially when navigating to a password reset site.

If you have any questions or concerns, please contact UIT Security via email at security@uh.edu or via phone at 832-842-4695.