Updated On April 11, 2014 - 10:26am

Steps to Protect Against Heartbleed Vulnerability

UCLA Logon ID servers and other central campus systems have been updated to help protect your information against the HeartBleed vulnerability. For more information on how to safeguard your accounts, go to: https://www.itsecurity.ucla.edu/heartbleed

To the Campus Community:

You may have heard news accounts this week about a widespread Internet vulnerability – codenamed “HeartBleed” – in a piece of software known as OpenSSL. By encrypting the connection between your device and a server, the software provides secure communications underlying a large number of web sites globally, including popular social media, shopping, email, and other web-based applications. Security teams worldwide have been working to address HeartBleed since it was first announced.

At UCLA, the UCLA Logon ID servers and other central campus systems have been updated to protect against the HeartBleed vulnerability. The UCLA IT Security Office has notified IT Compliance Coordinators and others who manage sensitive information about HeartBleed and are working with units to ensure any necessary remediation is under way.

As a precautionary measure, it is very important that you immediately change the password to your UCLA Logon ID by going to https://logon.ucla.edu/passchange.php.

The UCLA Health System’s CareConnect and MedNet applications are not known to be affected by this vulnerability and a password change is not required unless you use the same password for multiple accounts. Using the same password for important accounts is a practice that should be avoided.

Many of the web sites and Internet services you use in your personal life will likely have been affected by the HeartBleed vulnerability. Advice on how to handle accounts you hold with these sites is difficult to distill. However, generally you will want to change your password for these services only after you have been given an indication that they have been updated to protect against the vulnerability. At the same time, be wary of phishing scams asking you to change your password.

Further information and resources about the HeartBleed vulnerability may be found at https://www.itsecurity.ucla.edu/heartbleed. You may also contact the Bruin OnLine Help Desk at (310) 267-4357 orconsult@ucla.edu with any questions. For the Health System, you may contact the ISS Help Desk at 310-794-HELP or IThelpdesk@mednet.ucla.edu.

Sincerely,

Andrew Wissmiller
Associate Vice Chancellor
Information Technology Services

 

Virginia McFerran
Chief Information Officer
Health Sciences