Heartburn from Heartbleed
BU cyber-watchdog: protect yourself against Internet bug and oncoming scams
If you use your BU Kerberos password to secure information on sites other than BU’s—and you shouldn’t—it’s time to pick a new password, says the University’s top cyber-watchdog. That’s because many sites, unlike BU’s, are vulnerable to the computer bug called Heartbleed.
In an email sent to the BU community Friday, Quinn Shamblin, executive director of information security, warned readers to be careful in making that password change to avoid falling prey to online scam artists.
“You will likely begin receiving emails from a variety of organizations, prompting you to change your password,” wrote Shamblin. “Please be aware that you should never follow a link provided in an email message to change your password. Instead, you should open your web browser and go directly to that organization’s website and, once there, go through the change password process.”
BU has taken steps to secure its own servers, and there is no sign of a breach of any University systems or accounts, but Shamblin still recommends changing any Kerberos password that is used elsewhere. To do that, go to www.bu.edu and type “change password” in the search field. A reminder: changing your Kerberos password will require changing it in any device or application that has it saved.
Heartbleed makes it possible for a hacker to scrutinize online transactions for passwords, credit card numbers, and other personal information. The bug is especially insidious because it resulted from a programming flaw two years ago in the commonly used encryption technology OpenSSL, which was designed to protect data, a technology expert told the New York Times. Because of the massive amount of computer code being written, the flaw went unnoticed until last week, the expert said. Google and a software security company finally discovered Heartbleed.
Heartbleed has affected popular websites such as Gmail and Facebook; you can find a list of those sites and their responses here.