Tuesday, April 15, 2014
Since security researchers announced a vulnerability called the Heartbleed bug, the University of Georgia’s Office of Information Security has taken an aggressive approach to remediate any potential vulnerabilities.
None of the University’s critical centrally-supported information systems, including Banner and the Central Authentication Service (CAS), have been affected by the Heartbleed bug.
At this time, there is no need to change all MyID passwords.
The Heartbleed bug is a flaw in OpenSSL, one of the tools used to secure Internet traffic. The vulnerability could allow attackers to steal passwords and other secret information from supposedly secure web servers.
As soon as the discovery of the Heartbleed bug was announced on April 7, the EITS Office of Information Security immediately began taking steps to remediate any potential vulnerabilities to central University systems.
For systems that only have access for internal UGA users, the Office of Information Security is directly contacting those system owners for remediation steps. It is possible that individuals who accessed those internal systems during the vulnerability may be asked to change their MyID passwords.
The Office of Information Security recommends the following for the UGA community:
The Office of Information Security will continue to monitor the situation and notify owners of systems potentially affected by the vulnerability.
For questions, please contact the EITS Help Desk at 706-542-3106 or firstname.lastname@example.org.