Last week I published a brief blog about the OpenSSL heartbeat extension vulnerability, also known as the Heartbleed bug.
One commenter asked, “What about the Cisco.com website? Is it safe to change our passwords on the site?” We received a handful of similar questions from customers today, so I would like to offer our formal advice.
The Cisco Security Incident Response Team (CSIRT) has not found any Cisco.com infrastructure that was vulnerable to the Heartbleed vulnerability. There is also no evidence to suggest a compromise of Cisco.com user accounts.
You are safe to change your password by visiting the Cisco.com profile management page – in fact regular password changes are something we actively recommend.
Regardless of the website you are visiting, use of a strong password and regular password changes are an important part of online safety. If you are looking for more password advice, we recommend the following US-CERT security tip: Choosing and Protecting Passwords.