'Heartbleed' bug bleeds private user data onto the Internet
Bug exploits loophole in encryption protocols, leaks private data
Wednesday, UB Chief Information Officer J. Brice Bible sent an email to all students and faculty regarding an Internet bug that left up to two-thirds of servers open to potential breach.
Wednesday, Chief Information Officer J. Brice Bible sent an email to all students and faculty informing them of "Heartbleed" - an online bug that experts say left up to two-thirds of Internet servers open to potential breach.
Google and cyber-security firm Codenomicon engineers detected the bug this week. Heartbleed is the name given to a particular vulnerability in certain web security software. This gap allows anyone privy to the defect to collect user data that would regularly be inaccessible.
Bible said there is "no evidence" UB sites were compromised. He prompted students and staff members to be wary and "pay close attention to all your sensitive user accounts."
Jeffrey Murphy, the interim information security officer at UB, saidUB passwords and usernames have always been safe from this type of security breach. Some UB websites, like UBLearns, however, were susceptible to the bug gaining access to "snippets" of content without gaining information about the user. As of 5 p.m. yesterday, all central and department systems were reviewed, according to Murphy.
Experts revealed the vulnerability goes back over two years. But it remains unclear how long anyone has been aware of the gap in the most widely used encryption software, OpenSSL.
Most web users know OpenSSL as a closed padlock icon alongside "https" in the address bar of certain websites. The encryption software is used in a wide range of sites, protecting everything from email conversations to credit card numbers. Affected sites include Twitter, Facebook, Gmail and TurboTax, though most major sites are now claiming they have patched the hole in their security.
Despite safety for UB usernames and passwords, Murphy urges students to consistently change passwords and check bank and credit card statements. Both sentiments have been repeated widely in the wake of the breach becoming public as general ways to be safe on the Internet, in which threats like this are always present.
Ken Smith, the manager of computer operations, said before a user changes passwords or security information, he or she should make sure the websites have updated their encryption key - otherwise a breach could still potentially occur.
Conflicting reports have circulated the Internet on the seriousness of the breach. Some experts, like computer security specialist Bruce Schneier, are portraying the security vulnerability as "catastrophic." Others, like Forbes contributor James Lyne, bemoan such claims as hyperbolic. Meanwhile, major sites like Google and Amazon are claiming they have either corrected any security holes or, in the case of the latter, were not impacted.
Likewise, students are split on the seriousness of the bug.
"Internet breaches aren't a very new thing ... so I'm not worried," said Gino Notto, a sophomore computer science major.
Shintaro Matsamoto, a senior computer science major, called this "a serious issue," going on to state he was worried about the breach.
The Heartbleed vulnerability is being corrected by websites patching their security. Websites such as Yahoo! and security experts are urging Internet users to change passwords and remain vigilant of personal data and information, like bank accounts.
Websites like http://filippo.io/Heartbleed/ offer a way to check whether sites are safe.
Sam Fernando, Tress Klassen and Ben Tarhan contributed reporting to this story.
Get Top Stories Delivered Weekly
From Around the Web
More ubspectrum News Articles
Recent ubspectrum News Articles
Discuss This Article
MOST POPULAR UBSPECTRUM NEWS
GET TOP STORIES DELIVERED WEEKLY
FOLLOW OUR NEWSPAPER
LATEST UBSPECTRUM NEWS
- Buffalo’s defense finally shows up
- Bulls defeat Spartans 36-7 behind a dominant defensive performance
- Gridiron Report Card: The Spectrum grades the Bulls’ 36-7 win over Norfolk...
- À la Mode: Style Guide
- Unprecedented number of students prompt increased tailgate patrol
- UB looks to overhaul general education requirements
- StandWithUs brings Charlotte Korchak to UB to discuss the Israeli-Palestinian...
FROM AROUND THE WEB
- Wondering if it's Time to Buy a New Car? Just Check Your...
- Smartphone to Become Wallet -- Are Customers, Businesses...
- Grandparents, Keep Your Meds Up and Away From Young Children
- As Insurers End Coverage for Compounded Drugs, Patients...
- 4 Tips to Start Your Day a Little Earlier
- Join the Force to Fight Lung Cancer in Women
- If You Want to Help Avoid Back Problems, Stop Slouching
- Common-Sense Strategies From a Natural Marketing Guru
- 10 Steps to Help Older Adults Prevent Slips, Trips and Falls
- Stay Cool for Next to Nothing: Power Down the AC on...
COLLEGE PRESS RELEASES
- Peace Corps Director Calls on College Students to Make a Difference After Graduation Through International Service
- USA NETWORK AND VERIZON LAUNCH THE “CHARACTERS UNITE COLLEGE TOUR” COMPETITION FOR STUDENTS TO BRING A USA NETWORK CELEBRITY AND A WORTHY CAUSE TO THEIR CAMPUS
- WHEN GEORGIA SMILED: THE ROBIN MCGRAW REVELATION FOUNDATION TEAMS WITH PIVOT AND STUDENTS OF THE WORLD TO LAUNCH THE #iASPIRE GRANT CONTEST
- Latino Groups Launch National Campaign to Deliver Record Latino Turnout for 2014 Midterm Elections
- The Power of Peer Support: Sheryl Sandberg's "Lean In" Hits Campuses