College Office

What is Heartbleed?

Heartbleed is the name given to a severe vulnerability found in OpenSSL. This is an application that many websites use to encrypt and protect online activities. Many organizations that provide online services such as commercial email, shopping, and banking have been affected. The vulnerability exposes information sent electronically both to and from the affected organization and puts at risk information like passwords, credit card numbers, personally identifiable information, account information, and financial details.

What is MSU doing to protect my information?

While there is no evidence that any MSU services have been compromised, ITC has identified and patched all of the centrally managed services that were vulnerable. ITC will continue to assist distributed departments in the identification and remediation of any other MSU services that may be susceptible to this vulnerability.

Do I need to change my passwords?

As a precaution, ITC encourages MSU students, staff, and faculty to change their passwords for both University provided services as well as sensitive accounts used outside of work such as online banking or shopping sites.

MSU passwords can be changed at http://password.montana.edu.

How do I know if my server is vulnerable?

Contact local IT support staff for help in determining if your server is using OpenSSL and if it is vulnerable. If local IT staff is not available email itsecurity@montana.edu.

Additionally, to see if a particular website is vulnerable, visit a Heartbleed test site such as http://filippo.io/Heartbleed.

Where can I find more information?

If you have further questions about Heartbleed, email itsecurity@montana.edu.

For additional information, please reference the sites below: