Many computers that provide access to Internet content are vulnerable to an internet security exploit called “Heartbleed” including UNC networks. The bug affects software that a majority of secure websites (those that start with “https”) use to encrypt personal and sensitive information in an attempt to secure it. When exploited, the software bug allows hackers to bypass the encryption and view protected communications, such as usernames and passwords. Once university personnel became aware of this information, immediate efforts began to patch affected central systems for this vulnerability.
UPDATE – 05/12/2014:
UNC-CH users should continue to change their passwords in accordance with the standard existing UNC-CH password change cycle. Please note, UNC-CH users are asked to use different passwords other than their UNC-CH ONYEN password for online accounts such as social networking, online banking, and other commercial websites. The use of different passwords for different online accounts will further reduce the risk of compromise to UNC-CH users’ University and personal accounts.
If you have further questions about the “Heartbleed” risk, contact the ITS help desk at (919) 962-HELP (4357).