Heartbleed Computer Bug Worries MU, City Officials
COLUMBIA - IT professionals are urging people to change their security passwords after a computer bug was discovered recently.
A new bug known as the "Heartbleed Bug" has affected millions of websites including even large sites like Yahoo.com and tech professional with both the City of Columbia and the University of Missouri are taking it very seriously.
"They're saying that on a scale of 1-10 this is an 11," Beth Chancellor, the chief information security officer for the University of Missouri said.
"Vulnerabilities are discovered all the time," Danny Paul, the IT manager for the City of Columbia said. "This one in particular is big. This one affects lots and lots and lots of sites."
Data on the internet is moved using two keys, an encryption which is public, and a decryption key, which is private and only the website owner can see. A flaw in software called OpenSSL, which is used by about 70 percent of websites, allows hackers to steal the decryption key and view information you put on the web like passwords, usernames or even credit card information.
"This is a perfect example of why people should change their passwords," Chancellor said. "If you have a habit of changing your password a couple times a year, two or three times a year, it becomes more difficult for someone who has your credentials to be able to reuse those again."
"With user names and passwords, those hackers can turn around and make changes to credit card accounts or make purchases perhaps," Paul said. "By changing the password, you have take their data and made it useless."
Most IT experts believe the flaw in the OpenSSL was a mistake and not inserted by a hacker.
Sites like https://lastpass.com/heartbleed/ can tell you if a website is affected.