The Heartbleed bug: what should I do about it?

There has been widespread publicity about the Heartbleed vulnerability. IT services has been assessing the problem and its impact. Most services run by IT services are not affected by this issue. The only major service known to be affected is Canvas, which has now been fixed, and we are in the process of assessing all services. We have seen no evidence of increased misuse or compromised accounts that could be attributed to this issue, so the risk at this stage is believed to be small.

We will be advising all staff and students to change their passwords when we are as certain as we can be that all potentially vulnerable systems are secure and at a time that the advice is likely to have most benefit.

If, however, you have used the same password on any accounts external to the University, you should change your password now, and again when we advise everybody to do so. When changing passwords you must never re-use one that you have used before.