The Student News Site of Colorado State University

The Rocky Mountain Collegian

The Student News Site of Colorado State University

The Rocky Mountain Collegian

The Student News Site of Colorado State University

The Rocky Mountain Collegian

Print Edition
Letter to the editor submissions
Have a strong opinion about something happening on campus or in Fort Collins? Want to respond to an article written on The Collegian? Write a Letter to the Editor by following the guidelines here.
Follow Us on Twitter
The Top College Football Lines' Successful Players
September 14, 2023

When it comes to American Football, most people love to watch the NFL. We cannot really blame them though. This is where the magic happens....

Heartbleed: Computer Safety

 (Photo credit: KoFahu meets the Mitropa)

Last week, the news about a large-scale internet security vulnerability called the heartbleed bug jolted the tech world and sent websites and companies into crisis mode.

For those who have not heard, the heartbleed bug is a vulnerability in the programming used in open-sourced SSL server software and on websites.


Many websites have adjusted their programming, but before putting vital information on the web, like online banking information, students should check to be sure that their banking app or website does not use the vulnerable version of the OpenSSL software. To see if a site is secure, students can go to and input a site’s url.

Indrajit Ray, a computer science professor here at CSU who specializes in network, data and application security, breaks down the problem in simpler terms.

“It’s called heartbleed because it is bleeding memory location, you can read memory contents off a machine,” Ray said.

Much of the web uses the OpenSSL protocol software to encrypt communications between computers. For example, Gmail, Facebook and a few banking sites use the OpenSSL software.

The protocol involves the use of “keys.” One is called the public key, and the other is called the private key. The public key encrypts a message to a specific location, and the recipient uses their own private key to decrypt and read that message.

The security breach occurs when the private key, which expresses a digital signature, can be obtained and used by any motivated hacker.

“If someone has Gmail’s private key, they can access Gmail’s messages and tell the world they are Gmail,” Ray said. “It’s a very serious flaw, but it’s also an easy fix.”

While the heartbleed problem presents a issue for users and web servers alike, the solution is fairly simple. For the everyday person, simply changing login information is a useful if tedious task to protect personal accounts and information.

If the servers themselves are not patched, your new information can just be viewed by the next interested hacker with knowledge of how to exploit the heartbleed bug.


The vulnerable SSL software has been in use for over two years. The problem was discovered last week by security engineers at Codenomicon and Google Security.

So if the problem has existed for two years, and vital information could have been seen for that entire time by anyone who knew about the heartbleed bug, then who knew about it?

“We don’t know how much it has been exploited, and there is no real way to verify if the vulnerability has been exploited,” Ray said. “We assume that other people knew about it.”

Although the prospect of so much private information being openly accessible for such a long period of time is frightening, pragmatic action — like changing passwords and being aware of the still-vulnerable websites — will minimize the risk the heartbleed bug poses.

Collegian Editor at Large Zack Burley can be reached at

Leave a Comment
More to Discover

Hey, thanks for visiting!
We’d like to ask you to please disable your ad blocker when looking at our site — advertising revenue directly supports our student journalists and allows us to bring you more content like this.

Comments (0)

When commenting on The Collegian’s website, please be respectful of others and their viewpoints. The Collegian reviews all comments and reserves the right to reject comments from the website. Comments including any of the following will not be accepted. 1. No language attacking a protected group, including slurs or other profane language directed at a person’s race, religion, gender, sexual orientation, social class, age, physical or mental disability, ethnicity or nationality. 2. No factually inaccurate information, including misleading statements or incorrect data. 3. No abusive language or harassment of Collegian writers, editors or other commenters. 4. No threatening language that includes but is not limited to language inciting violence against an individual or group of people. 5. No links.
All The Rocky Mountain Collegian Picks Reader Picks Sort: Newest

Your email address will not be published. Required fields are marked *