As you may have heard, there is a new, potentially widespread, vulnerability affecting computers, but more commonly servers, dubbed Shellshock.
What UNM is doing
The Information Technology department is aware of the Shellshock bug and has been actively scanning and updating our servers, where appropriate, to address any vulnerabilities. Many UNM services, including Lobomail and MyUNM, have not been affected. While the threat is serious, the impact is not yet known. However, UNM IT already has multiple layers of protection in place to prevent the exploitation of these types of vulnerabilities.
What you should do
Don't panic. Not all systems are vulnerable, and many websites are already installing patches on their systems.
The best defense against vulnerabilities like this one would be to adhere to these security best practices:
1. Routinely change passwords.
2. Using different passwords for different websites, especially your financial websites.
3. Use your UNM NetID and password combo only for UNM sites and business. Do not use this combination of username and password on 3rd party sites, trusted or not.
4. Use multifactor authentication when possible. Many sites, like banks, credit unions and even Facebook, now offer this service but do not require it.
5. Expect new email phishing and social engineering campaigns to take advantage of this wave of fear many users may now have in the wake of this announcement.
To find out more about this bug, visit https://www.us-cert.gov/ncas/alerts/TA14-268A.
For a comprehensive, updated list of consumer sites affected by Shellshock, please visit http://www.pcworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-more-open-to-attack.html.
The UNM Security Team continues to ensure the University's data is protected and we will keep you updated.