A flaw in a widely used online security mechanism has left information technology departments doing damage control, but officials at UF said students’ information is safe.
The bug, nicknamed “Heartbleed,” is a coding flaw in OpenSSL, which is responsible for the security of sensitive information over online channels, and it leaves passwords and other information vulnerable.
But Avi Baumstein, a senior information security analyst at UF, said students don’t need to change passwords to university-related accounts.
“We have no reason to believe that any passwords have been compromised,” he said.
Shibboleth, the system behind the sign-on process for high-use university resources such as Webmail, e-Learning and ISIS, remains unaffected, Baumstein said.
Baumstein said students who believe their passwords have been compromised should change their passwords immediately and contact the UF Computing Helpdesk.
“The best practice is to use different passwords for each service, so that if criminals obtain passwords from one, they still won’t have access to your other accounts,” he said.
Dominique Overstreet, a web developer for the Gator Gaming club, said the club’s website runs on custom code that doesn’t use OpenSSL. As a result, it is free of security issues, the 22-year-old UF computer engineering senior said.
“I will do research on the ‘Heartbleed’ bug to make sure that it is not a problem for our website in the future,” he said.
Mashable.com reported that passwords should be changed for popular social media sites, including Facebook, Instagram, Tumblr and Pinterest.
[A version of this story ran on page 1 on 4/11/2014 under the headline "Online security flaw affects social media, but UF accounts OK"]