Critical Web Vulnerability Announced: Heartbleed
A major flaw in the security software used by millions of Web sites has been identified affecting services such as banks, email, and social media. The vulnerability, known as Heartbleed, has the potential to expose usernames and passwords, the content of communications, and users' data to anyone who knows how to exploit the weakness. This does not necessarily mean that your information has been stolen. Your information may be vulnerable to theft until a fix is applied to affected Web sites.
Currently, only a few systems on the University network have been found to have this vulnerability, and Information Security Officers have assessed the University's risk as low. Staff in University IT and Information Systems Division have been working to identify any vulnerable sites at the University and assist where needed to apply the fix.
What You Should Do
Experts recommend users change the passwords for all of their online accounts to protect themselves from this vulnerability. For University accounts, you should change your passwords regularly, using the password guidelines on MyIdentity (https://myidentity.rochester.edu) or provided by the Medical Center at https://sites.mc.rochester.edu/information-systems/get-help/account-and-systems-access/resetchange-passwords.
Before changing your passwords, it is important to verify that the web site is not still vulnerable to this security flaw. You can easily check if a site is secure by entering the site's URL on
Further information about this vulnerability can be found at:
If you have any questions concerning this vulnerability, please contact your IT support staff, or University Help Desk:
University IT 275-2000
Information Systems Division 275-3200