Earlier this month, a significant Open SSL security vulnerability called Heartbleed was uncovered. In response, 52 percent of RU students plan on changing their passwords. Open SSL is a free service that exchanges keys in order to encrypt website traffic. The majority of web servers implement this service.
Students were notified about the online security issue by email on April 14. The email told students that Heartbleed only affected RU’s advisor trac system and its LARC program. The email went on to say, “Many popular sites such as Facebook, Instagram, Tumblr, Gmail and Yahoo were all impacted by this vulnerability.”
While more than half of RU’s students that were surveyed plan on changing their passwords to their online accounts, some aren’t so eager to make the change. Courtney Fowler, a freshman said, “There hasn’t been any breach of security yet. Nobody cares about your Facebook statuses, or your bank account with $300 in it – they don’t want that.”
Heartbleed was discovered on April 7 by security company Codenomicon. Since its discovery, a Canadian teen named Stephen Solis-Reyes has been arrested by the Royal Canadian Mounted Police. According to npr.org, Solis-Reyes was arrested for allegedly attempting to use Heartbleed to gain access to Canada Revenue Agency’s online servers.
While the majority of the sampled RU population plan on changing their passwords, some students were caught in the middle. When asked if she will change her passwords, junior Lauren Stalnaker said, “I know that I need to, but I just have so many passwords to change.” Of the students sampled 17 percent didn’t say no or yes about changing their passwords.
The remaining 30 percent belongs to students who said they wouldn’t change their passwords. Eileen Ulmer, a sophomore rationalized this decision by saying, “I haven’t had any problems yet.” Senior Elizabeth Wright said, “I don’t plan on changing my passwords, I’m not worried about it.”
In the email, the school’s IT department advised students to use different passwords by saying, “As you change passwords, remember that you should use a different password for each system you access. This prevents a vulnerability in one system from also allowing a hacker to access another system with the same password.”