The VPN concentrators serving sslvpn.uvm.edu have been verified as safe
from this vulnerability. As for "general advice", please see my message
to SECURITY as forwarded by Nick Gingrow ("FW: [SECURITY] serious flaw
in OpenSSL 1.0.1 (CVE-2014-0160/"Heartbleed")").
Let us know if you have further questions or suggestions.
Sam Hooker | [log in to unmask]
Information Security Engineer
Enterprise Technology Services
The University of Vermont
On 20140409, 08:53 , Rich Downing wrote:
> Does UVM's information security personnel have any 'official' advice on
> dealing with the OpenSSL 'Heartbleed' security bug? Should use of Cisco
> AnyConnect be continued?