The Edmond Sun

Business

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw to OpenSSL, an open-source software that runs on as many as two-thirds of all active websites, was reported on April 7, by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber- security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw involving a two-year-old programming mistake was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e- commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

1
Text Only
Business
  • City spends $1.7 million on ITS

    Public safety will benefit by the Intelligent Transportation System with its implementation by the City of Edmond, said Steve Commons, assistant city manager.
    More vehicles are added to traffic volume as Edmond’s population grows. ITS connects all of the city’s traffic signals in order to improve traffic flow in present time with greater efficiency, Commons said Wednesday.
    “Some of that can be done through computer automation that tracks how traffic is changing,” Commons said.

    July 30, 2014

  • Downtown Master Plan accepted by council

    The 2014 Downtown Master Plan Study was accepted by a 3-0 vote Tuesday evening by the Edmond City Council.
    Fort Worth-based consulting group Freese and Nichols presented their final update to the 1998 Downtown Master Plan. The city hired the group at a cost of $300,000 to make recommendations for future development of Broadway in the central business district.
    “There are clearly some short-term (parking) options that we feel should move forward,” said Cody Richardson, of Freese and Nichols consultants of Fort Worth. “Better signage at existing parking lots.”

    July 29, 2014

  • Lambrecht Construction to build office

    The commercial site plan of a physician’s office was approved recently by the Edmond Planning Commission by a vote of 4-0.
    Lambrecht Construction plans to build the office at 3917  E. Covell Road in the Fairfax Business Office, north of Covell and west of Sooner Road, said Bob Schiermeyer, city planner.

    July 29, 2014

  • jc_ITS map.jpg City to improve traffic flow

    The Edmond City Council this week approved a services agreement with Electronic Technology, Inc. For the  installation of Intelligent Transportation Systems’ video wall system at a cost of $314,620. The vote was 3-0.
    ITS is a fiber optic, wireless or hybrid communication system of monitoring road events and equipment in the field, data archiving and predicting traffic volume, said Kent Kacir, an engineer with Kimley-Horn and Associates Inc.

    July 29, 2014 1 Photo

  • sales tax holiday.jpg Oklahoma sales tax takes a holiday

    Beginning at 12:01 a.m. on Friday, Aug. 1 and ending at midnight Aug. 3, Oklahomans will be able to participate in a sales tax holiday giving shoppers the opportunity to purchase certain clothing and shoes free of sales tax.
    Yes, retailers may not charge tax, including state and local sales taxes on items that are tax-exempt during the sales tax holiday weekend. The sales of clothing and shoes priced at less than $100 are exempted from sales taxes.

    July 28, 2014 1 Photo

  • Karan & Rwanda.jpg Peace through Business empowering women entrepreneurs

    Peace Through Business is part of the Institute for Economic Empowerment of Women (IEEW) based in Oklahoma City. It is a program that connects small business entrepreneurs in Afghanistan and Rwanda with business owners in Oklahoma. One such entrepreneur found out about the program from a friend, applied, and was accepted to take part in this year’s session.
    Upon earning a master’s degree in Civil Engineering from the Universite de Sciences et Technique de Lille in Belgium, Lyliose Nduhungirehe began her career working for a construction company in Brussels, but she quickly switched paths to Information Technology.

    July 28, 2014 1 Photo

  • Anderson Properties continues to grow

    Berkshire Hathaway HomeServices Anderson Properties recently announced the acquisition of Tulsa-based Prudential Alliance Realty, an eight-office, 150-agent brokerage operating in Tulsa and Oklahoma City and Edmond.
    The transaction gives Anderson Properties, a full-service real estate agency a total of 38 offices and more than 600 agents.

    July 28, 2014

  • Logan County pays off jail tax early, seeks new one

    Logan County is paying off a sales tax ahead of schedule and needs a new one to be able to afford funding jail operation and maintenance, officials said.
    Citizens vote on the county sales tax which is split for redistribution by state law. The tax is collected by the Oklahoma Tax Commission and redistributed back to the county as specified by voters.
    In 2005, citizens passed a 10-year sales tax, scheduled to end next month, to fund the building, operation and maintenance of the county jail, which operates on a $1.3 million budget. Jail capacity is 188 without anyone in a holding cell or a temporary bunk. Thursday it was holding 130 inmates, said Logan County Chief Deputy Richard Stephens.

    July 26, 2014

  • Edmond School District’s change orders anticipated

    When building new schools and classrooms there may be additional costs, but when renovating older buildings those costs can more than double, according to a Edmond School District official.
    “When remodeling, you have unknown and hidden costs and you need to include in your budgeted funds for the built-in items you can not see,” said Bret Towne, Edmond’s associate superintendent of general administration.

    July 25, 2014

  • Planning Commission approves rezoning

    The Edmond Planning Commission this week voted 4-0 in favor of rezoning from a single family district.  Peter and Kimberly Roberts made the request to allow a planned unit development on the southeast corner of Jackson and Lincoln Avenue, said Bob Schiermeyer, city planner.
    “They would like to have D-2 family (neighborhood commercial) zoning for duplexes, 14,000 square feet,” Schiermeyer said. “They can put four units on the property.”

    July 25, 2014

Stocks