Queen's University

Heartbleed virus has exposed millions of passwords to theft risk: Queen's University expert

2014-04-09

Queen’s University computer and internet security expert David Skillicorn can comment on Heartbleed, a web security flaw that has exposed millions of passwords and credit card numbers to theft risk.

Dr. Skillicorn, a professor in the Queen’s School of Computing and a cyber hacking expert, says Heartbleed affects the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce.

“The so-called Heartbleed vulnerability in Open SSL is the most serious weakness in recent years,” says Dr. Skllicorn. “OpenSSL is used by about two-thirds of web sites to encrypt the data travelling between them and users. This vulnerability completely opens up the traffic and what's happening in the memory of the computers at both ends (servers and users). The vulnerability has existed for at least two years; and exploiting it appears to leave no traces, so we can't know who's been hit and who hasn't.

“This means that encryption keys, user names and passwords, purchase details, and many other pieces of data have been potentially compromised. The CRA has already pulled the plug on its eServices. Users can't do anything to recover yet. As web sites install the fix, they will have to tell users and let them change their passwords -- but much more extensive changes by users might be needed.”

Please note Dr. Skillicorn is not available between 11:30 am and 1:30 pm.

To arrange an interview, please contact communication officer Anne Craig at 613-533-2877 or anne.craig@queensu.ca at Queen’s University News and Media Services Department in Kingston, Ont., Canada.

Follow Queen’s News and Media Services on Twitter: http://twitter.com/QueensuMedia.

Attention broadcasters: Queen’s has facilities to provide broadcast quality audio and video feeds. For television interviews, we can provide a live, real-time double ender from Kingston via fibre optic cable. Please call for details.

Copyright © Queen's University
Kingston, Ontario, Canada. K7L 3N6. 613.533.2000
Last updated at 4:40 pm EDT, Tue July 29, 2014
iTunes is a trademark of Apple Inc., registered in the U.S. and other countries.