ALERT: Heartbleed: Answers to Questions about Changing UMICH Passwords

The information below was sent to U-M IT security and IT support groups April 11, 2014.

As a follow-up to the recent Heartbleed advisory, ITS has received questions about whether members of the university community should change their UMICH passwords, and, if so, when. Here are the answers we are providing. Please feel free to share this information with those in your unit and/or with those who ask you questions directly.

• ITS is preparing a message for faculty, staff, and students that will recommend members of the university community change their UMICH password. It will be sent out by the end of the week of April 18, when patching is complete.
• Most U-M services are now protected from Heartbleed. ITS and U-M units continue to scan the U-M environment and update those servers and devices that are vulnerable as quickly as possible.
• Please remind people that they should not use their UMICH password for non-university sites and services.

ITS will keep the Safe Computing home page updated with the latest information we have available. You can refer people there for updates and information. We will let you know when systems have been patched and when the email to faculty, staff, and students will be sent.

Thank you for helping to field any questions you get. If you have additional questions, please contact the ITS Service Center.

Sincerely,

Paul Howell 
University Chief Security Officer