University responds to the Heartbleed bug

Blair Emerson

Last week the Heartbleed bug was announced to the public as a severe threat to the security of online information.

Faculty and staff members at the University of Minnesota this week were warned of some ramifications related to the growing public awareness of the security vulnerability.

“The fact that the vulnerability is now known gives people the opportunity to patch that vulnerability,” said Brian Dahlin chief security officer at The Office of Information Technology, the central IT department for the university. “At the same time what it does is it also gives hackers the known vulnerability and gives them a little more information on what to go attack.”

After the security vulnerability was publicized, many users were advised by websites to change their passwords.

OIT sent out an online newsletter this week to faculty and staff members instructing them to be aware of new phishing scams that ask users to change their passwords, often through the use of a link in an email.

OIT is currently offering guidance to people about what they can do to secure their online information and activities, said Dahlin.

Heartbleed vulnerability is a security vulnerability in OpenSSL, a type of technology commonly used by websites to assure security of information sent over the Internet.

This technology was originally used to protect sensitive data like credit card information and passwords, said computer science and engineering assistant professor Stephen McCamant.

After learning of the bug he said he took his own precautions and upgraded the software on all of his own laptops.

“Once the vulnerability became publicly known almost all of the vulnerable servers got upgraded,” he said, which is like the digital equivalent to changing a lock.