'Heartbleed' bug bleeds private user data onto the Internet
Bug exploits loophole in encryption protocols, leaks private data
Wednesday, UB Chief Information Officer J. Brice Bible sent an email to all students and faculty regarding an Internet bug that left up to two-thirds of servers open to potential breach.
Wednesday, Chief Information Officer J. Brice Bible sent an email to all students and faculty informing them of "Heartbleed" - an online bug that experts say left up to two-thirds of Internet servers open to potential breach.
Google and cyber-security firm Codenomicon engineers detected the bug this week. Heartbleed is the name given to a particular vulnerability in certain web security software. This gap allows anyone privy to the defect to collect user data that would regularly be inaccessible.
Bible said there is "no evidence" UB sites were compromised. He prompted students and staff members to be wary and "pay close attention to all your sensitive user accounts."
Jeffrey Murphy, the interim information security officer at UB, saidUB passwords and usernames have always been safe from this type of security breach. Some UB websites, like UBLearns, however, were susceptible to the bug gaining access to "snippets" of content without gaining information about the user. As of 5 p.m. yesterday, all central and department systems were reviewed, according to Murphy.
Experts revealed the vulnerability goes back over two years. But it remains unclear how long anyone has been aware of the gap in the most widely used encryption software, OpenSSL.
Most web users know OpenSSL as a closed padlock icon alongside "https" in the address bar of certain websites. The encryption software is used in a wide range of sites, protecting everything from email conversations to credit card numbers. Affected sites include Twitter, Facebook, Gmail and TurboTax, though most major sites are now claiming they have patched the hole in their security.
Despite safety for UB usernames and passwords, Murphy urges students to consistently change passwords and check bank and credit card statements. Both sentiments have been repeated widely in the wake of the breach becoming public as general ways to be safe on the Internet, in which threats like this are always present.
Ken Smith, the manager of computer operations, said before a user changes passwords or security information, he or she should make sure the websites have updated their encryption key - otherwise a breach could still potentially occur.
Conflicting reports have circulated the Internet on the seriousness of the breach. Some experts, like computer security specialist Bruce Schneier, are portraying the security vulnerability as "catastrophic." Others, like Forbes contributor James Lyne, bemoan such claims as hyperbolic. Meanwhile, major sites like Google and Amazon are claiming they have either corrected any security holes or, in the case of the latter, were not impacted.
Likewise, students are split on the seriousness of the bug.
"Internet breaches aren't a very new thing ... so I'm not worried," said Gino Notto, a sophomore computer science major.
Shintaro Matsamoto, a senior computer science major, called this "a serious issue," going on to state he was worried about the breach.
The Heartbleed vulnerability is being corrected by websites patching their security. Websites such as Yahoo! and security experts are urging Internet users to change passwords and remain vigilant of personal data and information, like bank accounts.
Websites like http://filippo.io/Heartbleed/ offer a way to check whether sites are safe.
Sam Fernando, Tress Klassen and Ben Tarhan contributed reporting to this story.
Get Top Stories Delivered Weekly
From Around the Web
More ubspectrum News Articles
Recent ubspectrum News Articles
Discuss This Article
MOST POPULAR UBSPECTRUM
GET TOP STORIES DELIVERED WEEKLY
FOLLOW OUR NEWSPAPER
LATEST UBSPECTRUM NEWS
- James Gardner named interim dean of law school
- Skeete fuels second-half run as Bulls defeat Drexel
- A new shift
- A source of pride – and debt
- Reviving the Buffalo waterfront with Buffalo RiverWorks
- The Proles: A lesson in how to rock and roll
- Katy Perry will always be my “Teenage Dream” and she deserves to perform...
FROM AROUND THE WEB
- Popping the Question Over the Holidays? What Every Guy...
- Helping Golfers Stay in the Swing With Chiropractic Care
- Conserve Energy This Winter by Choosing the Right Windows
- ACA Marketplace Complicates Tax Returns -- May Delay 2015...
- Gifts That Wow, and What They Say About You
- Millennial Travel Is on the Rise
- Taking Care on and off the Sports Field
- Are You a Candidate for Chiropractic Care?
- Worried About Ebola? What's Keeping You Safe at the...
- The Most Dangerous Time of the Year? Safety Tips for the...
COLLEGE PRESS RELEASES
- NEEBO COLLEGE TEXTBOOK SAVINGS TIP: SELL EARLY, BUY EARLY AND SAVE BIG
- Draper University's Tim Draper Hosts YouNoodle Live Featuring Student Entrepreneurs From Around The World
- NATIONAL SURVEY REVEALS CONFLICTED MINDSET OF COLLEGE STUDENTS ABOUT ADHD PRESCRIPTION STIMULANT MISUSE, ABUSE AND DIVERSION
- 7 Tips to Fuel for Finals
- LINE Webtoon Launches Challenge League, a New Discovery Feature for Webcomic Creators and Aspiring Artists