IMPORTANT :: Security Issue - Heartbleed Bug

IMPORTANT :: Security Issue - Heartbleed Bug

Information for Heartbleed security vulnerability

What is happening?

You may have heard about a serious Internet security bug called Heartbleed. The bug allows an attacker to read small chunks of information, which might contain usernames and passwords, from vulnerable systems. The University remote access VPN system had this bug and was immediately patched when it came to light. There are no other known internal systems with the vulnerability. There has been no evidence of any breach affecting any University systems.

Many external systems, including common services such as Facebook and Gmail, were vulnerable. A detailed list of popular services can be found at the end of this message including information on whether or not they were subject to the vulnerability.

What should you do?

If you use any of the external services affected then you should change your password to protect your own privacy. 

If you have used your University username and password for any of the websites below then you must change your University password.    This is essential as your username and password could be used to access your University email account and other services thus exposing personal data of yours and others.

You should maintain good password discipline by:

  • Using different passwords for each system that contains sensitive data.
  • Only ever using your University password for University systems.  Never using your University password for any external websites.
  • Use different passwords for different websites
  • Regularly changing your passwords

In order to change your University password please copy and paste the following links to a web browser:

change password

 

There is a likelihood that you may receive phishing emails asking you to change your password.  Check the address of the web page carefully before entering your password details and confirm that the padlock item is shown:

Clicking on the padlock item should confirm that the site has been identified as “www.abdn.ac.uk”.

Compromised Sites:

The following is a list of popular websites along with advice on whether you need to reset your password or not.

Site Name

Was it affected?

Do you need to change your password?

Amazon Web Hosting

Yes

Yes

Box

Yes

Yes

Dropbox

Yes

Yes

Facebook

Yes

Yes

Flickr

Yes

Yes

GitHub

Yes

Yes

Gmail

Yes

Yes

Instagram

Yes

Yes

LogMeIn

Yes

Yes

Minecraft

Yes

Yes

Netflix

Yes

Yes

Pinterest

Yes

Yes

SoundCloud

Yes

Yes

Tumblr

Yes

Yes

Wikipedia

Yes

Yes

Wordpress

Yes

Yes

Wunderlist

Yes

Yes

Yahoo

Yes

Yes

Yahoo Mail

Yes

Yes

YouTube

Yes

Yes

 

  

Amazon

No

No

AOL

No

No

Apple

No

No

Basecamp

No

No

eBay

No

No

Evernote

No

No

Groupon

No

No

Hotmail / Outlook

No

No

Hulu

No

No

LinkedIn

No

No

Microsoft

No

No

PayPal

No

No

Twitter

No

No

Please remember, never use your University password for anything other than for University systems.