Message to campus about Heartbleed Internet security bug

Heartbleed Internet security bug

Information and Educational Technology emailed this message on Friday, April 11, to faculty, students and staff.

April 11, 2014

Dear Colleagues:

Earlier this week, we issued a communication alerting the campus community about a serious Internet security vulnerability known as the Heartbleed bug. You have likely read or heard about it in the news or from notices released by your departments. We have moved swiftly to remediate the risk at UC Davis, to the point that we can now recommend you change your Kerberos passphrase to minimize risks to you and to the community.

We have adjusted our campus network scans to look for evidence of the Heartbleed bug, and campus technologists have patched most campus systems. So far, we have not detected compromises to campus systems. That does not mean there is no risk. The Heartbleed bug allows data theft, but does not leave proof that a theft has occurred.

With this in mind, here are a few actions we recommend you take:

  • We recommend you change your Kerberos passphrase. Go to computingaccounts.ucdavis.edu, select "Change your passphrase," and follow the instructions.
  • You should not use your Kerberos passphrase for any non-UC services. Re-using passwords increases the risk of a breach.
  • You should also seriously consider changing your passphrases for other services, such as banks and retailers, once they have fixed their own vulnerabilities.
  • Do not respond to suspicious email messages, especially when they ask you for your passphrase or other personal information. More information is available at security.ucdavis.edu.

Also:

If you have questions about Heartbleed and securing your computer, please contact the IT Express Service Desk at (530) 754-HELP (4357).

Regards,

Prasant Prasant Mohapatra
Interim Vice Provost and CIO
Professor, Department of Computer Science
University of California, Davis