On Tuesday, April 8, 2014, the OpenSSL Project team announced the Heartbleed security vulnerability. The team of security researchers have discovered an extremely critical vulnerability in recent versions of OpenSSL that can expose data on systems running OpenSSL, including passwords and other sensitive data.
Most campus technology services and other online consumer services, such as online banking or photo-sharing, use OpenSSL, one of the most popular data encryption tools for Web traffic.
UM-Flint ITS staff have been in the process of patching SSL and replacing security certificates since early this morning. ITS DOES NOT recommend that Faculty, Staff, and Students voluntarily change their UM-Flint password at this time, please wait until ITS sends a follow up notification that all patching and new SSL certificates have been put in place.
For non-UM-Flint websites:
· Do not change your passwords or transmit data to secure Web sites or services that you normally use until you have received an official security update.
· Only change your passwords after you have confirmed that the site or service has installed a security update.
· Monitor your sensitive online accounts (e.g., banking, email) for suspicious activity for at least the next week.
For further information on the Heartbleed vulnerability visit: http://heartbleed.com