[cross my posts and hope to...]
The ISO's current information on "Heartbleed" is detailed at
Specifically to the question of "Are we going to force everyone to
change their passwords?":
While our estimation is that the likelihood of a concerted effort
targeting UVM and leveraging this technique is fairly low, this
vulnerability also affects the rest of your online life (other website
with which you conduct sensitive transactions, other networks you use to
access the Internet). Since you're probably already changing your
passwords in those other places, it certainly wouldn’t hurt to change
your UVM password as well.
If you have questions or concerns, let us know.
Sam Hooker | [log in to unmask]
Information Security Engineer
Enterprise Technology Services
The University of Vermont