STARKVILLE — Technology professionals at Mississippi State University are addressing the worldwide computer security vulnerability called “Heartbleed” by patching affected servers and advising Internet users on campus to change passwords, among other steps.
MSU security and compliance officer Tom Ritter said the bug is being actively used against websites throughout the Internet, allowing attackers to connect with servers to draw read-only information that was intended to be encrypted.
Unfortunately, the vulnerability had existed for about two years before being detected last week, he added.
Ritter said it appears about two-thirds of the Internet has been affected, including a few MSU servers. “We were impacted like other schools and other businesses were impacted, but we immediately implemented the needed patches.
“We’ve scanned campus for vulnerable servers, and all of the ones that we support have been patched,” he explained, adding that, while many of the campus’s largest sites were not vulnerable to the bug, some vulnerabilities were identified and corrected.
Ritter said ITS is urging all MSU students, faculty and staff to change their net passwords. Additionally, he recommends changing passwords on all non-university sites they use, including online banking, social media and websites where they have made online purchases or otherwise given credit card numbers and other sensitive information.
In a system-wide Heartbleed alert sent late last week, Mike Rackley, the university’s chief information officer, advised the campus community not to use their net password as credentials at non-MSU sites.
Ritter cautioned, however, that many websites have not yet implemented patches since the Heartbleed discovery, and one-time password changes would not be sufficient if vulnerabilities still exist on affected websites.
Many websites already are posting statements about whether or not they’ve patched for Heartbleed or if they were vulnerable, he said.
“Some sites were not vulnerable, but many, many were,” he said.
Sites that were vulnerable use OpenSSL, an open-source encryption technology that typically indicates personal information is safe with a lock icon in the web browser. Among these are Google, Facebook, Yahoo and Amazon, all of which now have made patches so new passwords will be safe.
“Protecting your identity is an important aspect of using Internet services, and people should be aware of the fact that there are hackers always out to steal information whether via phishing or vulnerabilities such as Heartbleed,” Ritter said.
He recommended closely monitoring all email, social media and online bank accounts, as well as any other personal online accounts, for inappropriate usage.
“Evaluate your risks and at the sites that you use, change your passwords,” Ritter emphasized. “It’s always a good idea to change your passwords regularly.”
Ritter also warned of inevitable phishing messages that will spoof password change notifications. For that reason, Internet users should not follow a link to change a password, but, instead, go directly to the website by typing in the URL address before changing personal information.