To all UNM Students, Staff and Faculty:
THIS IS A CRITICAL INTERNET SECURITY BULLETIN
As the news or social media may have informed you, there is a widespread bug affecting the Internet, dubbed Heartbleed.
To find out more about this bug, please visit http://www.us-cert.gov/ncas/alerts/TA14-098A.
What UNM is doing:
The Information Technology department is aware of the Heartbleed bug and has been actively scanning and updating our servers, where appropriate, to address any vulnerabilities. Many UNM services, including Lobomail and MyUNM, are unaffected.
What you should do:
Don't panic. Not all systems are vulnerable, and many websites are already installing patches on their systems.
The best defense against vulnerabilities like this one would be to adhere to these security best practices:
1. Routinely change passwords.
2. Using different passwords for different websites, especially your financial websites.
3. Use your UNM NetID and password combo only for UNM sites and business. Do not use this combination of username and password on 3rd party sites, trusted or not.
4. Use multifactor authentication when possible. Many sites, like banks, credit unions and even Facebook, now offer this service but do not require it.
5. Expect new email phishing and social engineering campaigns to take advantage of this wave of fear many users may now have in the wake of this announcement.
For a comprehensive, updated list of consumer sites affected by Heartbleed, please visit:
We continue to ensure the University's data is protected and we will keep you updated.
UNM Information Security Team