Shellshocked: dealing with cyber insecurity

Computing and communications services issued a security alert Monday about a flaw in the computer program known as Bash.

A bug, called Shellshock, can be used to hack into servers and gain access to data, browsers and other files.

Mugino Saeki, information systems security officer at Ryerson, says the university has been investigating the matter since news of the bug broke last week.

Still, some say cybersecurity threats, like the Shellshock bug, are not made known to students as often or as rigorously as they should be.

Michael Lyons/Ryersonian Staff

Michael Lyons/Ryersonian Staff

Ryerson does not have a cybersecurity training program and has no plans to create one, said Brian Lesser, the director of computing and communication services.

This stands in contrast with other large universities.

Columbia University launched an online security and awareness training program in March.

And York University, on its Facebook and Twitter accounts provides tips for online safety and alerts students to email phishing scams. It too offers an online awareness course.

With more personal information making its way online, cybersecurity is of increasing importance, said Christopher Russel, director of information and communication technologies at York.

“It is essential that individuals are aware of the issues and take precautions of their own to use the Internet and computing devices safely,” he said in an email.

“The security awareness initiative is intended to help promote that awareness, and provide helpful resources and training to York community members.”

York plans to expand cyber awareness on campus during National Cyber Security Awareness Month, which happens in October.

Online security information, like safe password suggestions, tips on securing a smartphone in case of robbery and avoiding email phishing scams is available on CCS’s webpage.

Lesser said new students at Ryerson are prompted to go through a “best-practices” quiz when setting up their Ryerson email accounts, but he admits they often just “click through” this material.

Cybersecurity information posted on my.ryerson bulletin boards is also mostly ignored, said Lesser.

Emma Greig, a fourth-year radio and television arts student said she “wouldn’t be interested” in taking an online security training program if Ryerson offered one.

But some students say a cybersecurity course would be worthwhile.

“People give out their information way too easily,” said Erin O’Sullivan, a first-year urban planning student.

“It would be good if Ryerson had an education program as a way to support people in being more aware of what they are doing online.

Though increasing cybersecurity awareness on campus is not a university priority at this time, Lesser said it’s something that CCS is talking about.

As for Shellshock, Saeki said keeping systems and devices up-to-date is a general best-practice for reducing the risk of cyber attacks.

“System patches and updates aren’t just for providing users improved widgets and app functionality, they also fix security vulnerabilities,” said Saeki.

Operating systems are expected to release updates containing patches for the Bash program as they become available.

A Shellshock advisory, and a how-to guide to checking your computer’s vulnerability, can be found on the CCS webpage.

This story was first published in The Ryersonian, a weekly newspaper produced by the Ryerson School of Journalism, on Oct. 1, 2014.
By Jessica Lepore and Taylor Poelman

Comments are closed.

Read previous post:
UPDATED: Controversial Sun News host Ezra Levant to speak at Rye

A media personality who attacked Liberal leader Justin Trudeau and his parents in a derogatory rant last week is coming to...