Free University of Bozen · Bolzano - Welcome
Back to department main page
Please choose a picture.
The missionThe mission of the Department Information & Communication Technologies (ICT) is to work in partnership with faculty, students and staff to develop the strategy and manage the operations of the Free University of Bozen/Bolzano through the innovative use and development of existing and emerging technologies, technology support and user service.
ICT News
15.04.2014
Recently, media have reported on a severe security vulnerability named Heartbleed. Attackers might use it to gain access to information that is sent encrypted over the Internet. Heartbleed has affected several big companies/organizations all over the world. A few servers of the Free University of Bozen-Bolzano also could have been affected. Fortunately, we were able to close this security gap in a short time. At the moment there is no evidence that someone took advantage of this exploit of our central ICT services i.e. to steal passwords. However, there is no 100% guarantee that we fully escaped the threat. What does this mean to me? Do I have to change my password? The ICT recommends to change the password for the central services every 3 or 6 months. In many cases this is also required by law. Due to the current situation it would be a good time to do it now. You have the possibility to change the password on this Website: https://aws.unibz.it/PWD/Secure/Default.aspx For all other services please refer to the recommendations of the service providers. Summary of the currently known facts: -  The Free University of Bozen-Bolzano runs a huge number of servers. A small amount of those servers were affected by the Heartbleed security vulnerability. -  Fortunately, all the important web-servers were not affected. -  Vulnerable servers using Single-Sign-On can never provide passwords to attackers, because passwords are never queried or processed directly by these servers. -  The amount of time between discovering and fixing the problem was relatively short. -  The security hole in OpenSSL existed for a long time before security experts discovered it. Conclusions: There are no reasons to panic. However, it is strongly recommended to change password.
© UniBz