'Heartbleed' bug bleeds private user data onto the Internet
Bug exploits loophole in encryption protocols, leaks private data
Wednesday, UB Chief Information Officer J. Brice Bible sent an email to all students and faculty regarding an Internet bug that left up to two-thirds of servers open to potential breach.
Wednesday, Chief Information Officer J. Brice Bible sent an email to all students and faculty informing them of "Heartbleed" - an online bug that experts say left up to two-thirds of Internet servers open to potential breach.
Google and cyber-security firm Codenomicon engineers detected the bug this week. Heartbleed is the name given to a particular vulnerability in certain web security software. This gap allows anyone privy to the defect to collect user data that would regularly be inaccessible.
Bible said there is "no evidence" UB sites were compromised. He prompted students and staff members to be wary and "pay close attention to all your sensitive user accounts."
Jeffrey Murphy, the interim information security officer at UB, saidUB passwords and usernames have always been safe from this type of security breach. Some UB websites, like UBLearns, however, were susceptible to the bug gaining access to "snippets" of content without gaining information about the user. As of 5 p.m. yesterday, all central and department systems were reviewed, according to Murphy.
Experts revealed the vulnerability goes back over two years. But it remains unclear how long anyone has been aware of the gap in the most widely used encryption software, OpenSSL.
Most web users know OpenSSL as a closed padlock icon alongside "https" in the address bar of certain websites. The encryption software is used in a wide range of sites, protecting everything from email conversations to credit card numbers. Affected sites include Twitter, Facebook, Gmail and TurboTax, though most major sites are now claiming they have patched the hole in their security.
Despite safety for UB usernames and passwords, Murphy urges students to consistently change passwords and check bank and credit card statements. Both sentiments have been repeated widely in the wake of the breach becoming public as general ways to be safe on the Internet, in which threats like this are always present.
Ken Smith, the manager of computer operations, said before a user changes passwords or security information, he or she should make sure the websites have updated their encryption key - otherwise a breach could still potentially occur.
Conflicting reports have circulated the Internet on the seriousness of the breach. Some experts, like computer security specialist Bruce Schneier, are portraying the security vulnerability as "catastrophic." Others, like Forbes contributor James Lyne, bemoan such claims as hyperbolic. Meanwhile, major sites like Google and Amazon are claiming they have either corrected any security holes or, in the case of the latter, were not impacted.
Likewise, students are split on the seriousness of the bug.
"Internet breaches aren't a very new thing ... so I'm not worried," said Gino Notto, a sophomore computer science major.
Shintaro Matsamoto, a senior computer science major, called this "a serious issue," going on to state he was worried about the breach.
The Heartbleed vulnerability is being corrected by websites patching their security. Websites such as Yahoo! and security experts are urging Internet users to change passwords and remain vigilant of personal data and information, like bank accounts.
Websites like http://filippo.io/Heartbleed/ offer a way to check whether sites are safe.
Sam Fernando, Tress Klassen and Ben Tarhan contributed reporting to this story.
Get Top Stories Delivered Weekly
From Around the Web
More ubspectrum News Articles
Recent ubspectrum News Articles
Discuss This Article
MOST POPULAR UBSPECTRUM NEWS
GET TOP STORIES DELIVERED WEEKLY
FOLLOW OUR NEWSPAPER
LATEST UBSPECTRUM NEWS
- UB students ‘make noise’ in wake of Ferguson grand jury decision
- Publishing textbooks can mean big money for professors
- Long hair because they care
- Braving the Snowvember storm
- UB joins nationwide ‘It’s On Us’ sexual assault prevention campaign
- “Home” is where the Turkey is
- R&B’s favorite ‘Boyz’ are back
FROM AROUND THE WEB
- Avoiding Body Drought: Tips to Prevent Dehydration
- Tax-Savings Tips From Licensed Experts
- Not Leo DiCaprio? How to Cut Your Energy Bills Anyway
- Television Best Bets: Streaming Programs Worth Watching
- Modern Farming: Technology Helps Keep Food on the Table
- An End to Acid Reflux?
- How to Select a Contractor: Certification Counts With...
- Modern Landfills: Safe, Smart and Green
- Medicine Safety Reminders for Cold and Flu Season
- What It Takes to Get One of the Most In-Demand Jobs
COLLEGE PRESS RELEASES
- LINE Webtoon Launches Challenge League, a New Discovery Feature for Webcomic Creators and Aspiring Artists
- 6 ‘Friendsgiving’ tips that won’t leave you stuffed
- PARAMORE UNVEIL EXPANDED DIGITAL EDITION OF BLOCKBUSTER FOURTH ALBUM
- MELANIE MARTINEZ ANNOUNCES THIRD LEG OF “DOLLHOUSE TOUR”
- Sigma Lambda Gamma National Sorority, Inc. Declared Winner of Voto Latino’s RepUrLetters Challenge