The Heartbleed Vulnerability and You

“Heartbleed” is one interesting name for a security vulnerability.  It sounds like a reference to a brilliant romance built on mutual trust gone dramatically bad–ending in a messy breakup that perhaps only chocolate can address.

Truth be told, this isn’t far from what has actually happened–and it is serious.

The “relationship” I am referring to is something called OpenSSL.  It is a protocol that creates a secure connection between your computer and your bank, online stores, and just about any website that requires the transmission of personal data like passwords, credit card information, etc.

Apparently a vulnerability has been discovered that makes it possible for hackers to eavesdrop on the transmission of this personal information.  That’s obviously not good, and the vulnerability has existed since March of 2012.  So that “trusted romance” between your computer and places on the Internet you believed was secure may have had someone mingling in the middle–a virtual “love triangle,” so to speak.

Here’s what you need to know:

– None of the Bucknell systems that process or store passwords were affected.

– Somewhere around 66% of all secure websites on the Internet use OpenSSL for secure transmission of data.  That means all of them may have been vulnerable at one time or another.

– The good news is many sites have rushed to patch the Heartbleed vulnerability.  The bad news is many have not (yet).  If you are curious about who is who and exploring more resources about Heartbleed, please visit:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link

What you need to do:

– We strongly suggest you research websites that are important to you and your privacy using the URL above.

– If the site is still vulnerable, minimize your interaction with it until you have been notified or it has been classified as patched.  It is also not a bad idea to keep a close eye on bank statements and similar documents for unusual activity.

– After the website has been patched, we encourage you to change your password.  As always, we recommend using different passwords for each site.  That way if one of your passwords is compromised a hacker does not have access to your personal information on other websites.

So, in the end, the Heartbleed vulnerability is one situation where chocolate will not help and should therefore be taken seriously.  If you have any questions or concerns please contact Tech Support at techdesk@bucknell.edu or by calling 570-577-7777.

Comments are closed.

Close

Places I've Been

The following links are virtual breadcrumbs marking the 12 most recent pages you have visited in Bucknell.edu. If you want to remember a specific page forever click the pin in the top right corner and we will be sure not to replace it. Close this message.