UBIT handles Heartbleed

Published April 10, 2014

UBIT is working to ensure that the university’s IT services are secure in the wake of Monday’s disclosure of the Heartbleed security vulnerability.

Heartbleed, which affects websites on the Internet, as well as sites at UB, allows information such as UBIT names, passwords and other normally protected data to be stolen.

As of UB Reporter press time, UBIT had confirmed that the UBITName and password servers do not use the compromised software, so “it is highly unlikely that any passwords have been hacked.”

UBIT staff had reviewed all central and distributed servers and determined if the servers were unaffected, fixed the vulnerable software where appropriate or determined if the servers were protected by other means if a fix was not immediately available.

UBIT recommends that UBIT passwords not be used for other purposes. If they are, they should be changed immediately.

In an email to the UB community, J. Brice Bible, vice president and chief information officer, said there is “no evidence that any UB sites have been compromised.” He urged faculty, staff and students to pay close attention to all their sensitive user accounts across the Internet and to contact the providers of those services if they have any questions or concerns.

UBIT will post updates on the issue on its website.