Hi Rich,

The VPN concentrators serving have been verified as safe
from this vulnerability. As for "general advice", please see my message
to SECURITY as forwarded by Nick Gingrow ("FW: [SECURITY] serious flaw
in OpenSSL 1.0.1 (CVE-2014-0160/"Heartbleed")").

Let us know if you have further questions or suggestions.



Sam Hooker | [log in to unmask]
Information Security Engineer
Enterprise Technology Services
The University of Vermont

On 20140409, 08:53 , Rich Downing wrote:
> Hi,
> Does UVM's information security personnel have any 'official' advice on
> dealing with the OpenSSL 'Heartbleed' security bug? Should use of Cisco
> AnyConnect be continued?
> Rich