University Post
University of Copenhagen
Independent of management


UCPH systems still secure, says IT head, as Heartbleed bug ravages

Chief of IT security says that the university's own systems are still safe. This is because systems like KUnet are on a so-called 'non-open SSL protocol'. People should change their Facebook and Twitter passwords, says IT

You should change most of your passwords, but not the one for KUnet. Henrik Larsen, Chief Information Security Officer at the University of Copenhagen, assures the University Post that the potentially catastrophic software bug discovered on April 7, 2014, has not affected the university intranet.

The bug nicknamed Heartbleed, is a defect in the OpenSSL protocol, the most widely used way to keep private information (passwords, credit cards numbers and so on) secret.

For a more technical explanation of what the Heartbleed bug is, read this interview by the New York Times. Or this comic.

Change your passwords

“While the University web services run OpenSSL, this is not used for the Intranet KUnet,” says Henrik Larsen from the University IT.

“We are now in the process of renewing the OpenSSL certificates. This could take a couple of days, as the issuers are very busy at moment: the whole world demands new certificates,” he adds.

If you haven’t done it yet, the IT service recommend to change passwords for Facebook, Twitter, Dropbox, Google and Instagram: hackers could steal passwords from one service and use them to gain access to other private information. New passwords should be strong and vary for different web services. See also this comic about difficult to guess / easy to remember passwords.