'Heartbleed' bug bleeds private user data onto the Internet
Bug exploits loophole in encryption protocols, leaks private data
Wednesday, UB Chief Information Officer J. Brice Bible sent an email to all students and faculty regarding an Internet bug that left up to two-thirds of servers open to potential breach.
Wednesday, Chief Information Officer J. Brice Bible sent an email to all students and faculty informing them of "Heartbleed" - an online bug that experts say left up to two-thirds of Internet servers open to potential breach.
Google and cyber-security firm Codenomicon engineers detected the bug this week. Heartbleed is the name given to a particular vulnerability in certain web security software. This gap allows anyone privy to the defect to collect user data that would regularly be inaccessible.
Bible said there is "no evidence" UB sites were compromised. He prompted students and staff members to be wary and "pay close attention to all your sensitive user accounts."
Jeffrey Murphy, the interim information security officer at UB, saidUB passwords and usernames have always been safe from this type of security breach. Some UB websites, like UBLearns, however, were susceptible to the bug gaining access to "snippets" of content without gaining information about the user. As of 5 p.m. yesterday, all central and department systems were reviewed, according to Murphy.
Experts revealed the vulnerability goes back over two years. But it remains unclear how long anyone has been aware of the gap in the most widely used encryption software, OpenSSL.
Most web users know OpenSSL as a closed padlock icon alongside "https" in the address bar of certain websites. The encryption software is used in a wide range of sites, protecting everything from email conversations to credit card numbers. Affected sites include Twitter, Facebook, Gmail and TurboTax, though most major sites are now claiming they have patched the hole in their security.
Despite safety for UB usernames and passwords, Murphy urges students to consistently change passwords and check bank and credit card statements. Both sentiments have been repeated widely in the wake of the breach becoming public as general ways to be safe on the Internet, in which threats like this are always present.
Ken Smith, the manager of computer operations, said before a user changes passwords or security information, he or she should make sure the websites have updated their encryption key - otherwise a breach could still potentially occur.
Conflicting reports have circulated the Internet on the seriousness of the breach. Some experts, like computer security specialist Bruce Schneier, are portraying the security vulnerability as "catastrophic." Others, like Forbes contributor James Lyne, bemoan such claims as hyperbolic. Meanwhile, major sites like Google and Amazon are claiming they have either corrected any security holes or, in the case of the latter, were not impacted.
Likewise, students are split on the seriousness of the bug.
"Internet breaches aren't a very new thing ... so I'm not worried," said Gino Notto, a sophomore computer science major.
Shintaro Matsamoto, a senior computer science major, called this "a serious issue," going on to state he was worried about the breach.
The Heartbleed vulnerability is being corrected by websites patching their security. Websites such as Yahoo! and security experts are urging Internet users to change passwords and remain vigilant of personal data and information, like bank accounts.
Websites like http://filippo.io/Heartbleed/ offer a way to check whether sites are safe.
Sam Fernando, Tress Klassen and Ben Tarhan contributed reporting to this story.
Get Top Stories Delivered Weekly
From Around the Web
More ubspectrum News Articles
Recent ubspectrum News Articles
Discuss This Article
MOST POPULAR UBSPECTRUM NEWS
GET TOP STORIES DELIVERED WEEKLY
FOLLOW OUR NEWSPAPER
LATEST UBSPECTRUM NEWS
FROM AROUND THE WEB
- Boomers Find Reason to Celebrate With Vacations
- Shave Strokes off Your Golf Game -- Without the Eraser
- Stay Cool With a Ceiling Fan as Stylish as It Is Functional
- Have a Blast With the Family This Summer, but Stay Safe
- Chiropractic Careers Are on the Rise
- Choosing the Right Home Health Care Agency
- Pop the Champagne Diamond for Your Seasonal Fashion...
- Managing Pain: Are You Reading Your Medicine Labels?
- Does Your Garbage Want to Be Recycled?
- You Can Quit