Menu

Security bug leaves Internet users concerned

The Heartbleed bug is an information leak in a software code called OpenSSL

A vital security bug discovered in April exposed the personal information of Internet users to hackers for nearly two years.

The Heartbleed bug is an information leak in a software code called OpenSSL, which is supposed to protect personal data such as usernames, passwords and banking information on “secure websites.”

Heartbleed mostly targets major websites that rely on the OpenSSL code, which are websites that people use most often. These include EBay, Yahoo/Yahoo Mail, Google, Facebook, Instagram, Netflix, Reddit and Wikipedia.

“I think this bug threat needs to be taken very seriously. According to a Netcraft study, some 66 percent of sites use the SLL technology that has been compromised,” said NCC Computer Science professor Christine Borger.

“Add to that email, chat services and other apps,” she said. “Even worse is that the vulnerability has been out there for about two years and does not leave any evidence that it has compromised an account. Among the reported affected is the FBI. I think that’s serious!”

Although Heartbleed was discovered in early April, some people still may not know that their personal information is not secure.

“I feel uninformed,” said Office Administrative Assistant major Amanda Massaro. “I think people should be more aware.”

Borger is appalled by the lack of awareness about Heartbleed. “I was so surprised when I asked my students if they knew about it, and only two students out of four classes were aware,” she said.

Everyone who uses the Internet should know about Heartbleed for their own protection. Many websites are keeping their users updated about any advances in security.

According to CBC News, a fixed version of OpenSSL was released on April 7. However, it’s a difficult task for websites and services to disable the part of the code affected by Heartbleed and replace it with the fixed one. Some websites have been fixed, but it will take time for most others.

“Even if a company updates their servers, any data captured in the past is still vulnerable,” said Computer Science professor Brian Stokes. “I can’t think of another vulnerability that has had the potential to disrupt the secure communications that we have come to expect when sending private information over the Internet.”

In the meantime, Internet users should protect themselves.

“Change your passwords regularly, and don’t let your browser store passwords,” Computer Science professor Kevin Manna advised. “Create passwords that are easy to remember, but difficult to break. Make sure they contain upper- and lower-case characters, symbols and a number.”

Besides changing passwords, antivirus and security software provider Norton has created a website that users can check to keep themselves updated on which websites are still vulnerable and which are safe. The website is http://safeweb.norton.com/heartbleed.