Skip to content

UCU will be closed on Monday, July 4th, in observance of Independence Day.


You may have heard a lot of talk recently about a web bug called Heartbleed. Heartbleed is a security vulnerability in OpenSSL, a popular, open-source protocol used to encrypt portions of the web. It’s used to protect some usernames, passwords, and sensitive information set on secure websites. UCU’s website does not use OpenSSL where the vulnerability may exist, but uses a custom implementation of TLS/SSL. This means that UCU’s website in unaffected by the Heartbleed bug. Heartbleed is not a design flaw in SSL/TLS protocol, but implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.

If you have used login credentials on a site that has the vulnerability, that password may have been compromised by the security bug, and you’ll want to change it once the bug is fixed. Because each system administrator has to manually fix the problem, which takes time, there’s really nothing you can do until the compromised sites are up and running with an updated version of OpenSSL, and a new security certificate in place — a “reset” of the encryption used to protect current and archived information on the server going forward. For more technical and specific information on Heartbleed, the details can be found at If you are unsure if a site you are using may contain the vulnerability, the following site can run a test:

As always, it’s always a good idea to change your passwords periodically and to use different usernames and passwords for different sites. If you have any questions, please don’t hesitate to contact us at 800.696.8628.