University discovers technological vulnerability
The ETSU Information Technology department became aware in early April of a vulnerability in the Linux operating system, a platform used by ETSU and institutions worldwide.
An unintentional programming error in the Linux open Secure Socket Layer led to a "Heartbleed," creating the potential for a leak in private information.
"We do run Linux servers and we do have servers that have open SSL on them," said Mark Bragg, associate vice president for information technology. "So we immediately started checking them and we did not find any vulnerabilities on any campus servers. This includes programs like Goldlink."
Google soon notified the university that Goldmail was secure. TouchNet, a server that performs credit card validations for the university, also had a vulnerability, but the business managed to patch it.
D2L was the only campus service that experienced prolonged problems. Currently, no ETSU students have come forward with concerns about their D2L accounts.
An SSL lock icon in the search bar indicates that a user is on a safe webpage, guaranteeing that no one will be able to gain access to the user's data.
"Underneath the hood of the SSL there's a function called 'Heartbeat,' that's where 'Heartbleed' comes from," Bragg said. "Heartbeat basically allows the user to ask the server if it's still operating correctly."
In an attempt to assess a server's health, a user sends a line of text to the Heartbeat address and the server responds with the same line of text. Sending a line of text to the server involves dividing the information into two parameters, the 'string' and the length. The string indicates the actual text being sent while the length specifies the number of characters in the text.
"What the programmers found was that the length did not match the string specified by the user," Bragg said. "A user could pass a different length, one with a greater number of characters, and receive a larger amount of information from the server."
The data sent back to the user could include private information, like passwords. But, taking advantage of a Heartbleed vulnerability is a very erratic practice. Servers contain a massive amount of data, and a hacker has a relatively low probability of obtaining valuable information. Despite this low probability, the information technology department encourages caution.
"If students were using D2L during this period, it's a good idea for them to change their password," Bragg said. "This is on the remote chance that their username and password were captured."
Get Top Stories Delivered Weekly
From Around the Web
More easttennessean News Articles
Recent easttennessean News Articles
Discuss This Article
MOST POPULAR EASTTENNESSEAN
GET TOP STORIES DELIVERED WEEKLY
FOLLOW OUR NEWSPAPER
LATEST EASTTENNESSEAN NEWS
- ETSU officials say university will focus on preventing sexual assaults
- University selects new dean of students
- Ohio parents’ beliefs cost daughter her life
- SGA president discusses issues of importance
- ‘Do One Thing’ helps environment; monument meant to inspire students to...
- Guest pianist Myer will play at ETSU
- Lady Bucs are 3-0 in conference with win against UNCG Spartans
RECENT EASTTENNESSEAN CLASSIFIEDS
FROM AROUND THE WEB
- The Need for Voluntary Insurance Is on the Rise
- How to Be More Productive During Your Business Flights
- It's Never too Late to Start Living Healthy
- Revive tus objetivos de verte saludable en 2015
- Debunking Common Tax-Filing Myths
- With Help From Chile, Blueberries Stay Fresh All Winter
- Small Fixtures Make a Big Design Impact
- Keeping the Workplace in Proper Alignment
- 5 Seasonal Invaders and How to Keep Them Out in the Cold
- Not Just a Man's World, Female Entrepreneurs Are Making...
COLLEGE PRESS RELEASES
- ASCO Numatics Announces 2015 Industrial Automation Engineering Scholarships
- Coffee Club Goes Viral With Members Earning Free Starbucks Cards
- UniversitySpot.com Introduces Extensive, Curated List of Free Online Courses for Winter 2015
- NEEBO COLLEGE TEXTBOOK SAVINGS TIP: SELL EARLY, BUY EARLY AND SAVE BIG
- Draper University's Tim Draper Hosts YouNoodle Live Featuring Student Entrepreneurs From Around The World