Heartbleed Bug

Published on 11 April 2014

Heartbleed Bug

You may be aware of reports in the media (for example, the BBC) about an IT security vulnerability, known as the 'Heartbleed Bug', which can be used to exploit systems and obtain information, including passwords.

Computing Services are fully aware of this threat and, on the day that the exploit was discovered, steps were taken to scan potentially vulnerable systems and update those which may have been open to attack.

The Heartbleed Bug does not affect Windows-based systems such as the Managed Windows Service (MWS), and therefore these systems have not been put at risk as a result of the exploit.

Some companies are advising customers to change their passwords - in these cases it is prudent to follow their advice. However, Computing Services are not currently advising you to rush to change the passwords that you use for University systems unless those passwords are the same as those which you use elsewhere.

You should also be aware that there may be phishing attempts by third parties, using the Heartbleed Bug as a cover, to obtain your passwords. Always go directly to the company/organisation's website and do not click on any links in emails that you may receive. Information about email security is available from the Computing Services website, along with some tips on how to be streetwise with your email.

It is generally good practice to change your passwords periodically. Advice about choosing a strong password is also available from the Computing Services website.

Computing Services will issue another alert if we need to update or change this advice: you may wish to follow us on Twitter @liverpoolcsd for the latest news. If you do suspect that your University account has been compromised then, as always, you should change your password straight away and contact the Helpdesk.