"Heartbleed" bug: proof that technological security is not infallible

The "Heartbleed" bug was first discovered in the open-source cryptography project named OpenSSL, which is used to encrypt and decrypt data with the Secure Sockets Layer and Transport Layer Security protocols. In layman's terms, the OpenSSL software is used to make sure that information being transmitted between web servers and browsers remains private. Heartbleed can allow unauthorized remote access to an affected device's or server's data and has affected millions of technological devices.
Yesterday, I met with James Ketterer, director of networking, telecom and tech services at DePauw. We discussed how Heartbleed affects our technology on campus. Ketterer said that after intensive analysis of DePauw's technological resources, the Information Services department determined that University-owned technology is not widely internally affected by this nasty bug. Most of the internal systems at DePauw have remained unaffected because they are running unaffected Windows or Linux operating systems.
While most of the solutions to this vulnerability will come in the form of software patches from their developers, the average user of technology can take steps to further their data protection while waiting for the updates. Start by changing your passwords to different services and be sure not to use the same password on multiple services. Consider using a password generator, such as Norton Identity Safe, to create strong and difficult to decrypt passwords.
If you receive an email from a website requesting you to change your password, be sure to check whether the sender of the email is authentic. It may be safer to navigate directly to the website and change your password there rather than using an email link. Be on the lookout for an email from the University regarding this security vulnerability and how you can protect your data.
Google Apps was affected by the bug. Google patched the vulnerability before the Heartbleed bug was publicly announced. This leads the Information Services department to believe that little or no data from Google Apps could have been vulnerable to theft. It is unclear whether the depauw.edu website was affected but even if it was, the DePauw website contains no sensitive data and most of the data available via the site is publicly accessible. Regardless, new SSL certificates have been created for the website as an extra precaution.
After Cisco publicly announced that many of their products are being affected by the bug, Mr. Ketterer shared that DePauw has been phasing out Cisco technology recently and the only Cisco technology still used are old network switches that do not support OpenSSL. This leads Information Services to believe that these Cisco network switches could not possibly have been affected by Heartbleed.
The integration of this bug into a highly used web service, such as OpenSSL, raises the question of how it ever got introduced. It troubles me that such a highly used data protection service could be so widely affected by this bug. Heartbleed is just another example of how technology can be used against us both personally and commercially. Be careful with your personal data. You can ensure that it is not misused by taking the necessary security precautions to protect it.

- Mote is a sophomore French major from Indianapolis, Ind.