Heartbleed Bug and UNL Security


In yesterday’s UNL Today, ITS Security posted an article about the Heartbleed Bug. This is what it means to CEHS faculty, staff, and students:

The Heartbleed bug has been found in software used by a majority of secure web sites (sites that start with “https”) to encrypt personal and sensitive information, such as your login and password to your bank.
ITS and CEHS IT are running scans to identify if any of UNL / CEHS secure servers have been exploited. Any compromised servers will be updated and restarted to eliminate the problem.

Because of this bug, there may be an increase of phishing emails to faculty, staff, and students. A phishing email pretend to be from a legitimate source saying their secure server was compromised and request users to change passwords. You need to be very careful that you don’t enter your login and passwords in a fake site. See http://its.unl.edu/phishingunl for more information regarding phony emails.

If there are any doubts that Heartbleed-related communications are legitimate, contact the ITS help center, the ITS security team, or your local CEHS IT support team.

If UNL information technology staff or CEHS IT staff request password changes for a particular service, follow the advice immediately. These requests will not include links to Web pages, will be signed by an ITS or CEHS staff member, and can be verified with an email or phone call.

For more information, send email to security@unl.edu.