MSU tech leaders making changes in wake of ‘Heartbleed’
by MBJ Staff
Published: April 14,2014
STARKVILLE — Technology professionals at Mississippi State University are addressing the worldwide computer security vulnerability called “Heartbleed” by patching affected servers and advising Internet users on campus to change passwords, among other steps.
MSU security and compliance officer Tom Ritter said the bug is being actively used against websites throughout the Internet, allowing attackers to connect with servers to draw read-only information that was intended to be encrypted.
Unfortunately, the vulnerability has existed for about two years before being detected last week, he added.
Ritter said it appears about two-thirds of the Internet has been affected, including a few MSU servers. “We were impacted like other schools and other businesses were impacted, but we immediately implemented the needed patches.
“We’ve scanned campus for vulnerable servers, and all of the ones that we support have been patched,” he explained, adding that, while many of the campus’s largest sites were not vulnerable to the bug, some vulnerabilities were identified and corrected.
Ritter said ITS is urging all MSU students, faculty and staff to change their net passwords. Additionally, he recommends changing passwords on all non-university sites they use, including online banking, social media and websites where they have made online purchases or otherwise given credit card numbers and other sensitive information.
In the system-wide alert sent late last week, Mike Rackley, the university’s chief information officer, issued a Heartbleed alert and advised the campus community to not use their net password as credentials at non-MSU sites.
Ritter cautioned, however, that many websites have not yet implemented patches since the Heartbleed discovery, and one-time password changes would not be sufficient if vulnerabilities still exist on effected websites.
Many websites already are posting statements about whether or not they’ve patched for Heartbleed or if they were vulnerable, he said.
“Some sites were not vulnerable, but many, many were,” he said.
Sites that were vulnerable use OpenSSL, an open-source encryption technology that typically indicates personal information is safe with a lock icon in the web browser. Among these are Google, Facebook, Yahoo and Amazon, all of which now have made patches so new passwords will be safe.
“Protecting your identity is an important aspect of using Internet services, and people should be aware of the fact that there are hackers always out to steal information whether via phishing or vulnerabilities such as Heartbleed,” Ritter said.
He recommended the close monitoring for inappropriate usage of all emails, social media and online bank accounts, as well as any other personal online accounts.
“Evaluate your risks and at the sites that you use, change your passwords,” Ritter emphasized. “It’s always a good idea to change your passwords regularly.”
Ritter also warned of inevitable phishing messages that will spoof password change notifications. For that reason, Internet users should not follow a link to change a password, but, instead, go directly to the website by typing in the URL address before changing personal information.
To sign up for Mississippi Business Daily Updates, click here.
One Response to “MSU tech leaders making changes in wake of ‘Heartbleed’”
Mississippi Economic Council
Mississippi Chambers of Commerce
Mississippi State Legislature
Mississippi Development Authority
Mississippi Economic Development Council
North Mississippi News
Social Security Disability Lawyer
Auto Accidents Lawyer
Top Posts & Pages
- Aluminum company rumored for Columbus: 'clock' is for website, not plant site
- Shale oil: market correction or longterm direction?
- Miss. surgeon sentenced in tax evasion case
- MBJ exclusive: Jackson’s new airport CEO fulfills desire to taking on the top job
- WILLOUGHBY: Mayo Flynt leads AT&T Mississippi by enjoying both work and workers
- MARTIN WILLOUGHBY: Gary Herring building tomorrow by educating today
- J.McLaughlin to open in Highland Village next spring
- 'Blue Economy' important for Mississippi's future
- Hyatt-Place is Columbus’ newest hotel option