FORT WAYNE – The Internet is abuzz with news of the “Heartbleed” bug that might have put millions of passwords, credit card numbers and other personal information at risk.
IPFW issued a bulletin to staff, students and faculty Wednesday urging them to change their network passwords to new, stronger passwords immediately.
Officials from two communications companies said they have not experienced any security breaches, and banking officials said consumers are protected from unauthorized transactions.
While no known security breaches have occurred, the university’s information technology department has been working to ensure that the school’s firewall will prevent any outside attacks, IT Services security officer David Kistler said.
“We scanned all of our servers and found several that were susceptible and fixed them so that they cannot be compromised,” Kistler said.
But IT officials are still recommending that students and staff change their network passwords “just in case,” he said.
“It’s a very wise move and could prevent potential breaches,” Kistler said. “Because it’s hard to tell which servers have been compromised, we’re advising it as a cautionary measure.”
Not only is Kistler advising students and staff to change their IPFW network passwords, he said they should also consider changing other online passwords, particularly for bank accounts and social media.
“This is such a widespread bug,” Kistler said of Heartbleed, “and is probably the most widely spread vulnerability in Web history. It’s said to have affected two-thirds of Web servers.”
It’s a website’s responsibility to notify its users of the potential risks, but not all sites do, he said.
“We have found that precautionary measures are the best in case a breach should occur,” Kistler said.
The damage Heartbleed has caused is still unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years.
While it’s conceivable that the flaw was never discovered by hackers, it’s nearly impossible to tell, according to Associated Press reports.
Frontier Communications spokeswoman Dana Berkes said the company hasn’t experienced any issues with security breaches on its website. A Comcast spokesman said the same.
The Indiana Bankers Association said consumers are always protected from any unauthorized transactions.
Nonetheless, the group said customers should inform their bank immediately if they suspect unusual activity.
Meanwhile, banks are researching the possible effects of Heartbleed.
The association said most Internet banking applications are not affected because most financial institutions have a special layer of security that prevents this type of exploitation, and some don’t use Open SSL – one of the vulnerabilities that Heartbleed targets – at all.
The association said banks are constantly monitoring accounts and use many systems to protect customers’ information, including rigorous security standards, encryption and fraud-detection software.
Officials at the Indiana Bankers Association say it’s always a good idea to update bank passwords every few months.
Thirtyseven4 of Medina, Ohio, a security software provider, cautioned that Heartbleed might increase phishing risks.
Cybercriminals use phishing techniques to obtain confidential data such as user names, passwords and credit card information.
Phishing misleads users to click links embedded in emails, connecting them to spoofed websites that may be injected with malicious code, said Steven Sundermeier, owner of Thirtyseven4.
Users are then prompted to log on to what they believe are their accounts.
Given the severity and scope of Heartbleed, virus writers and hackers could capitalize on this golden opportunity. Users should not panic but should reset passwords, Sundermeier said.
“Many are going to be expecting and waiting on these emails from their service providers, and cybercriminals know that,” he said.
It’s best not to wait to receive a notice from your banking institution or social media site, he said.
“It’s best to take cautionary measures and go ahead and change passwords,” he said.
The Associated Press and Paul Wyche of The Journal Gazette contributed to this story.