University of Oregon

Heartbleed FAQ

Audience
Faculty/Staff
Researcher
Student
GTF

Answers to frequently asked questions about Heartbleed:

Q: Should I change my UO passwords?

A: You will need to change your password, but please wait until asked to do so. To improve security, we need to insure that work across campus has been completed. For assistance in changing your password, see Heartbleed: How to Change Your Password.

 

Q: Should I change my passwords for non-UO services, such as Google, Yahoo, or Dropbox?

A: Generally, yes. For more information on which websites were affected, see Mashable's The Heartbleed Hit List: The Passwords You Need to Change.

 

Q: What is Heartbleed?

A: NPR's article, The Security Bug That Affects Most Of The Internet, Explained, covers the subject well. If you prefer a more visual explanation, see the XKCD cartoon that illustrates how Heartbleed works.

 

Q: What actions has the UO taken?

A: On April 7, the security flaw known as Heartbleed, was discovered. By April 9, Information Services had evaluated all University of Oregon central technology services and either determined they were not affected or patched the software. This includes key services such as email, Banner, DuckWeb, and Blackboard.

 

Q: Can I tell if this has happened to me?

A: According to Heartbleed.com, the Heartbleed exploit leaves no trace and is undetectable. So, it is not possible to tell if it has happened to you.

 

Q: Does this bug effect every user?

A: No. Users would be affected by logging in to vulnerable websites, and not all websites are vulnerable. See Mashable's The Heartbleed Hit List: The Passwords You Need to Change to get an idea of Heartbleed's scope.

 

Q: Does changing my password solve the problem?

A: Not necessarily. Outside the University of Oregon, it's up to each individual website to resolve the issue. So, until they've resolved it, then new password is vulnerable as well.