• Rich Barlow

    Senior Writer

    Photo: Headshot of Rich Barlow, an older white man with dark grey hair and wearing a grey shirt and grey-blue blazer, smiles and poses in front of a dark grey backdrop.

    Rich Barlow is a senior writer at BU Today and Bostonia magazine. Perhaps the only native of Trenton, N.J., who will volunteer his birthplace without police interrogation, he graduated from Dartmouth College, spent 20 years as a small-town newspaper reporter, and is a former Boston Globe religion columnist, book reviewer, and occasional op-ed contributor. Profile

Comments & Discussion

Boston University moderates comments to facilitate an informed, substantive, civil conversation. Abusive, profane, self-promotional, misleading, incoherent or off-topic comments will be rejected. Moderators are staffed during regular business hours (EST) and can only accept comments written in English. Statistics or facts must include a citation or a link to the citation.

There are 3 comments on Heartburn from Heartbleed

  1. Does Google Apps for Education count as an external site? Keep in mind that since BU switched to Google for email, most students have given Google their passwords (especially if they use their smartphone or something other than the webmail interface to check their email).

  2. Response from Quinn Shamblin, executive director of information security at Boston University:

    “Google apps for education is an external site. Google fixed the issue very quickly and a spokesperson stated that password changes are probably not required, see the second link below. That said, I personally am working to change my passwords everywhere on the philosophy that “it is better to be safe than sorry”.

    http://www.eweek.com/enterprise-apps/google-patches-apps-services-in-response-to-heartbleed-flaw.html/

    http://abcnews.go.com/Business/heartbleed-online-bug/story?id=23256168

    1. The vulnerability has been around for a couple years though. Even if Google patched it “immediately”, users should assume that their passwords have been compromised.

      Unfortunately, both the email from BU IT and this article are worded to suggest that our BU passwords are safe unless we did something wrong: sharing our BU password with another site. Given that the student email system was designed to share our passwords with Google in a way that was vulnerable to Heartbleed for two years, I believe that BU’s apparent assurance (that our password is safe) is reckless.

Post a comment.

Your email address will not be published. Required fields are marked *