Campus assesses 'Heartbleed' Internet security risk

Information and Educational Technology is distributing the following message today in response to the "Heartbleed" Internet hack.

April 9, 2014

Colleagues,

You might have seen media reports today about the "Heartbleed" Internet security lapse. We are assessing the risk to UC Davis systems and assets, and have begun to fix the problem on campus.

The risk allows hackers to retrieve private information, and extends across the Internet. This CNN report describes the problem, and offers tips. This link offers answers to common questions.

We have found evidence of the Heartbleed risk on some campus servers, and are fixing them this morning. We have also added Heartbleed to the daily network scan for compromised systems; system administrators will be alerted if a server they manage is vulnerable, and can then patch their system to eliminate the vulnerability.

Many experts have advised people to change all of their passwords and passphrases. We are not requiring campus users to change their campus Kerberos passphrase, although you should if you also use that passphrase for non-campus accounts like a bank, retailer, or other service.

The situation is likely to continue to evolve. We will post additional information to campus technologists, and to the general campus, as necessary.

If you have questions about Heartbleed and campus technology, please contact the IT Express Service Desk at (530) 754-HELP (4357).

Regards,

Prasant

Prasant Mohapatra
Interim Vice-Provost and CIO
Professor, Department of Computer Science
University of California, Davis