Forget the privacy invasions by the NSA and the bandwidth limitations by Internet Service Providers; the majority of Web servers students and faculty access on a regular basis faced two serious security breaches that placed users’ data in peril over the past year. While the general population might not consider the importance of these issues, the vulnerabilities reveal passwords that could grant access to personal documents, bank accounts and even social security numbers. In turn, identity theft, unauthorized money transfers and data leaks can occur, completely ruining people’s lives.
In April, one of these breaches known as “Heartbleed” allowed hackers to easily access users’ private data without a trace using a small glitch in the technology used to transfer sensitive information. The bug affected around 17.5% of secure websites, a third of which still remain vulnerable due to a lackluster effort by system administrators. Thankfully, programmers at Google reported it before the hacking community could exploit it, minimizing the impact.
Though considered one of the largest Internet breaches in recent history, a new vulnerability named “Shellshock” dwarfs it in size and scope, making Heartbleed look like child’s play. The heart of the widespread Shellshock vulnerability resides in Bash, the command prompt (shell) and scripting language built into most Linux, Mac OS X, and iOS devices. A hacker can run malicious code on many of these devices with barely any effort at all, stealing data and creating “botnets.” Hackers then use these botnets, networks of infected computers, to target more devices and spread viruses throughout cyberspace. Unlike Heartbleed, no agency or company caught Shellshock before hackers began compromising Web servers worldwide. Because of this unfortunate occurrence and a relatively long wait for official patches, most of the public remained exposed while developers rushed to distribute updates and prevent further infection.
In this connected world, students and faculty need to continually read about the latest security vulnerabilities and remain vigilant in the face of ongoing cyber attacks to stay safe. With a simple password change, continuous installation of updates, purchase of anti-virus software, and a healthy dose of common sense while browsing the Web, anyone can prevent the vast majority of these serious issues from inflicting permanent damage.