Information Services &
Technology would like to inform you that earlier this week
a serious bug in a common internet tool "OpenSSL" was discovered. This
weakness dubbed The Heartbleed Bug, affects a large number of websites and
systems on the Internet that use the secure/encrypted SSL protocol for
communication (ie. pages that start with https).
This tool is most often used
when conducting e-commerce or exchanging private
or personal information and is used at the University of Manitoba and across the
globe.
We are pleased to report
that no major enterprise wide systems were affected by
this vulnerability and that IST has patched, updated or otherwise minimized the
risk on the few systems that were found vulnerable.
However, we must caution
everyone that sites you visit off campus may not be
secure. System administrators around the globe are working to fix this issue.
We urge you to use caution when using e-commerce sites unless the site has an
official statement that they have fixed the issue, and then follow their guidelines.
This may include changing the password that you use on those services.
Please be extra cautious
with unsolicited emails related to your personal or
business accounts. Now is the perfect opportunity for an attacker to steal
passwords or personal information through malicious web links or attachments.
Always visit the account site directly and do not follow links in email that you
cannot verify are legitimate.
The University of Manitoba
is not asking you to change any service passwords at
this time.
If you have any questions
or concerns please contact the Service Desk at
204-474-8600.
IST Help & Solutions
Centre
123 Fletcher Argue
230 Neil John MacLean Library
204-474-8600
support@umanitoba.ca
To sign up for IST-Alerts
please visit the following link:
http://lists.umanitoba.ca/mailman/listinfo/ist-alerts
Updated information is also
available on Facebook, Twitter and the IST Blog.
{CMI: UM537454}