Skip to Page Content

Stories

UGA response to Heartbleed bug

Tuesday, April 15, 2014

Since security researchers announced a vulnerability called the Heartbleed bug, the University of Georgia’s Office of Information Security has taken an aggressive approach to remediate any potential vulnerabilities.

None of the University’s critical centrally-supported information systems, including Banner and the Central Authentication Service (CAS), have been affected by the Heartbleed bug.

At this time, there is no need to change all MyID passwords.

The Heartbleed bug is a flaw in OpenSSL, one of the tools used to secure Internet traffic. The vulnerability could allow attackers to steal passwords and other secret information from supposedly secure web servers.

As soon as the discovery of the Heartbleed bug was announced on April 7, the EITS Office of Information Security immediately began taking steps to remediate any potential vulnerabilities to central University systems.

For systems that only have access for internal UGA users, the Office of Information Security is directly contacting those system owners for remediation steps. It is possible that individuals who accessed those internal systems during the vulnerability may be asked to change their MyID passwords.

What Can You Do?

The Office of Information Security recommends the following for the UGA community:

  • Remember that legitimate UGA emails will never ask you to respond with sensitive information, such as your password or Social Security number.
  • Ensure your MyID password is always different from any other passwords you use.
  • Avoid clicking links found in unusual or unexpected emails that ask you to change your password or other personal information.
  • Consider changing your online passwords, such as those for online banking and commercial sites, later this week. Waiting a few days gives the external sites time to fix the vulnerability.
  • When in doubt, ask questions.

The Office of Information Security will continue to monitor the situation and notify owners of systems potentially affected by the vulnerability.

For questions, please contact the EITS Help Desk at 706-542-3106 or helpdesk@uga.edu.