Information safe at DC/UOIT from Heartbleed


Manager, ITSM and governance, Jessica Harris poses for a photo as she researches Heartbleed on her computer

Alert! This is an automatic message: All information at DC and UOIT is secure, after the Heartbleed bug earlier this year.

This is the message Durham College sent to staff and students in April, after the bug temporarily shut down the Canada Revenue Agency (CRA) and resulted in 900 SIN numbers being stolen.

Although the bug compromised user names and passwords around the globe, officials at DC say they have done everything they can to protect the information on campus.

“As soon as we got wind and heard about the Heartbleed, as soon as a patch was available we patched all of our servers,” said Jessica Harris, DC’s manager of ITSM and governance, explaining that patches are like updates.

According to Harris, IT personnel maintain and update the servers, services and firewalls.

They update computer programs to fix them or improve them to protect against security risks or other bugs.

Harris said when the college is informed of security issues, patches are released to be applied to the servers and firewalls.

“We grab the patch and install it on our test servers,” Harris said.

A test is then performed to seek out regressions, a type of software bug, or any other type of software bug.

Harris said once the test is okayed, it goes into production on the main server and last-minute regression testing is done.

According to Harris, the test is to secure all the information at the college and university.

“What we needed to do is we needed to patch all of our firewalls and patch all of our servers,” Harris said.

She said there was a sense of urgency with Heartbleed and the servers were patched right away, whereas servers are otherwise patched monthly.

But she said students also play a part in protecting their information.

They can keep their information secure by changing their passwords regularly.

According to Julie Thorpe, an assistant professor in Business and Information Technology at UOIT, it is best to choose a password with a mixture of uppercase and lowercase letters, special characters and numbers.

“Mix the words and special characters up. Don’t just use them at the beginning and end, use them throughout,” Thorpe said.

She said weak passwords are easier for attackers to find because they are commonly used words or passwords that attackers have learned are commonly used.

“For a more important password, it’s best to make it 10 characters,” Thorpe said. “Longer is better.”

Password managers can be helpful because they store all your passwords in an encrypted file, and you need a master password to decrypt it and gain access to your passwords.

If you use a password manager, Thorpe suggests storing the master password somewhere safe if you are not sure you will remember it.

“Use a phrase that is not common,” Thorpe added, reminding people that “security is not always 100 per cent bulletproof.”