The Edmond Sun

Features

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw to OpenSSL, an open-source software that runs on as many as two-thirds of all active websites, was reported on April 7, by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber- security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw involving a two-year-old programming mistake was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e- commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

1
Text Only
Features
  • clinic 1.jpg Edmond church to host free eye clinic

    An Edmond church and Feed the Children are partnering to provide a free eye clinic.
    Individuals will be able to receive a free vision test and free prescription eye glasses from 9 a.m. to 3 p.m. Aug. 9 at the Waterloo Road Baptist Church, 3100 E. Waterloo Road. All ages are welcome and registration is not required.

    July 29, 2014 2 Photos

  • UCO forensic volunteer wants to aid more agencies

    A four-person group of forensic investigators who volunteer their time to help smaller Oklahoma police departments isn’t enough to meet demand, a member said.
    Kama King, who recently completed her graduate research and will be a member of the faculty at the University of Central Oklahoma’s Forensic Science Institute, said outside of full-time jobs, members of the group volunteer to assist these agencies.
    As her career progresses, King hopes to help establish a permanently funded organization available to any agency in the state to assist in remains recovery as well as related training.

    July 29, 2014

  • jc_ITS map.jpg More cameras monitoring Edmond motorists

    The Edmond City Council this week approved a services agreement with Electronic Technology, Inc. For the  installation of Intelligent Transportation Systems’ video wall system at a cost of $314,620. The vote was 3-0.
    ITS is a fiber optic, wireless or hybrid communication system of monitoring road events and equipment in the field, data archiving and predicting traffic volume, said Kent Kacir, an engineer with Kimley-Horn and Associates Inc.

    July 29, 2014 1 Photo

  • jc_Earp Marlin 2 - photo credit Noel Winters.jpg Shootout of a sale

    An original article of the Wild West will be made available at auction Thursday. The rifle of legendary lawman Wyatt Earp will be part of the J. Levine Auction & Appraisal’s Summer Quarterly Auction in Scottsdale, Ariz.
    Earp was an Arizona deputy sheriff and deputy town marshal in Tombstone, Ariz. He is legendary for playing a key role in the gunfight at the O.K. Corral. He died in 1929 at age 80.
    Wyatt Earp collector Barry Tapp of Edmond will be selling his 1895 Wyatt Earp Marlin rifle at the auction. The rifle has an estimated value between $50,000 and $75,000. It includes authentication documentation from Tombstone Heritage Museum, according to the auction house

    July 28, 2014 2 Photos

  • 11.6.12 Mother and Cub (2).jpg UCO forensic researcher answers key question

    After working a few human recovery cases on a volunteer basis with a variety of police departments, a question kept bugging Kama King.
    “You spend the whole day,” the UCO W. Roger Webb Forensic Science Institute student said, “sometimes days, searching for someone and only find a skull or a few bones and it just ate at me. Are we not finding this or is it not there to be found?”

    July 28, 2014 1 Photo

  • Karan & Rwanda.jpg Peace through Business empowering women entrepreneurs

    Peace Through Business is part of the Institute for Economic Empowerment of Women (IEEW) based in Oklahoma City. It is a program that connects small business entrepreneurs in Afghanistan and Rwanda with business owners in Oklahoma. One such entrepreneur found out about the program from a friend, applied, and was accepted to take part in this year’s session.
    Upon earning a master’s degree in Civil Engineering from the Universite de Sciences et Technique de Lille in Belgium, Lyliose Nduhungirehe began her career working for a construction company in Brussels, but she quickly switched paths to Information Technology.

    July 28, 2014 1 Photo

  • How to care for your pet without breaking the bank

    It’s a shame furry friends can’t pay for themselves. Though wagging tails after a long day at work may make pet ownership seem worthwhile, a happy pup won’t stop those bills from rolling in at the end of the month. Thankfully, quick and easy ways exist for dog owners to cut down on costs.

    July 28, 2014

  • MS_new pastor_Page_1.tiff Local church welcomes new pastor

    For one of Edmond’s newest pastors, faith and family intersect on a personal level.
    Sam Powers, pastor at Edmond 1st United Methodist Church, 305 E. Hurd St., and his family arrived in mid-May and his first Sunday in the pulpit was the second one in June. He and his wife Sheryl Heaton Powers, have two children — Kyla will be an eighth-grader at Cheyenne Middle School and David will be a fifth-grader at John Ross Elementary.

    July 28, 2014 1 Photo

  • pm_Ramona Paul.jpg Keith, 5 others to receive service awards

    The 2014 Door-Opener Awards Gala dinner and silent auction Sept. 4, benefitting ASTEC Charter Schools, will recognize five outstanding Oklahomans and one Kansan for lifetime contributions made toward helping others in society maximize potential and achieve dreams.
    Those selected to receive a Door-Opener Award at the Skirvin Hilton Hotel event include Dr. Harvey Dean, Pittsburg, Kan.; Toby Keith and Tricia Covel, Norman; Former Gov. George P. Nigh, Edmond; the late Dr. Ramona Paul, Edmond; and Natalie Shirley, Oklahoma City.

    July 28, 2014 2 Photos

  • MS_Andy Billups.jpg Local man relies on experience in July 4 emergency

    Andy Billups just happened to have gained experience as a combat zone firefighter/medic while he was serving as a civilian contractor in Iraq.
    The Edmond businessman just happened to have a friend with a place on Grand Lake where he has been viewing Independence Day fireworks for a number of years, and he just happened to be there July 4.
    And he just happened to be relaxing on a hammock when he heard a some kids making a commotion.
    Located two blocks east of Disney on State Highway 28 in the foothills of the Ozark Mountain Range in northeast Oklahoma, the 59,000-plus surface acre Grand Lake is known for its state parks, marinas, restaurants, motels and fishing.

    July 26, 2014 1 Photo