The Heartbleed Exploit

Other affected Web sites

Heartbleed affects OpenSSL, a security software library used at Web sites around the world.

As a result, many popular Web servers and services have been affected - amazon.com, yahoo.com, and many other popular sites. As the researchers at CODENOMICON said in their announcement, "Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites rub by your government might be using vulnerable OpenSSL."

Although there is a little evidence that the Heartbleed vulnerability has been used to steal passwords from affected sites, because this bug has existed for two years before the CODENOMICON announcement, we advise you to be careful about what sites you visit.

The University also recommends that you follow the procedure outlined below to change the passwords you use at Web sites where you have email accounts, shop, make financial transactions, or have confidentiail informaion stored.

  1. Do not change your password at another site until you have either seen an announcement at that site that the vulnerability has been patched or you have used either Filippo Valsorda's or SSL Labs' Heartbleed test to make sure that the site is safe.
  2. Visit one of the Heartbleed test sites:
  3. Type the name of the site in the text box, then click Go! or Submit.
  4. If you see a message that the site seems safe, log in to the site and change your passwor.
  5. Check on each site's Heartbleed status before changing your password.

Search IT Help

My UD Search for forms & applications.