ONE-HUNDRED-TWENTY-FOUR YEARS OF EDITORIAL FREEDOM Thursday, April 10, 2014
Ann Arbor, Michigan
michigandaily.com
TECHNOLOGY
Internet security flaw affects ‘U’ ITS staff scrambles to protect Wolverine Access, CTools after high-stakes breach By SAM GRINGLAS Virginia Lozano/DAILY Public Policy sophomore Nina Peluso performs with the A capella group Amazin’ Blue during the Diversity Monologues at Literati Bookstore Wednesday.
Performances look at campus climate Event series ends with exploration of misrepresented identities By AMIA DAVIS Daily Staff Reporter
On Wednesday, the LSA Honors Program hosted an event aimed to explore a broad
range of identities on campus that are perceived as being ignored or misrepresented. The title of Wednesday’s Diversity Monologues, which was the concluding event in the program’s series, was “Words from ‘Victors.’ ” LSA junior Harleen Kaur, LSA senior Alexa Wright and LSA senior Brianna Kovan organized the event, which was held at the Literati Bookstore at 124 E. Washington St.
Wright said the event helped improve relationships between students and staff by providing a safe space for students to speak and learn more about different identities at the University. “We thought this would be a great, creative way for students to express their thoughts, and we really wanted to tie it in to what it means to be here at the University,” Wright said. See DIVERSITY, Page 3A
Daily News Editor
The University’s Information and Technology Services staff are working to combat a security flaw that left sensitive information on some of the Internet’s most visited sites — as well as key University portals — vulnerable to prying eyes. The flaw was first discovered last week by Finnish researchers and engineers at Google and made public Monday. But unlike the December Target security breach in which thousands of credit card numbers were stolen from the retailer’s servers, this particular finding — now nicknamed “Heartbleed” — stemmed from a coding error in a standard Internet security platform. Though it’s uncertain whether any passwords or data were compromised by the flaw, major websites such as Facebook,
Google, Yahoo and Amazon quickly patched the defective code, The New York Times reported. Many others are scrambling to prevent data theft and secure their affected servers. In an interview Wednesday evening, Paul Howell, the University’s chief security officer, said Information and Technology Services staff had fixed most of the affected University’s sites Monday, including Wolverine Access and CTools. “The severity of the issue was apparent and teams here and at many universities have been working around the clock to get servers patched and to get fixes in place,” Howell said. OpenSSL, the affected software, is a toolkit included in many webserver programs, such as Apache, that is designed to encrypt communication between web browsers and servers. Michael Bailey, an associate research professor of electrical engineering and computer science, said OpenSSL is a tool that is supposed to keep Internet users secure. For example, OpenSSL prevents others from eaves-
BUSINESS
RESEARCH
Students build app to keep track of friends Student-launched app ‘Merge’ shows others’ free time By ARIANA ASSAFF Daily Staff Reporter
Early on in their freshman year, Business sophomores Daniel Steinmetz and Brandon Alster discovered how hard it could be to connect with friends on short notice. Oftentimes, they’d find themselves spending time between classes reaching out to friends who were already busy, and they needed something that could instantly tell them which friends were available. In January 2013, Steinmetz and Alster began brainstorming ideas for a project they would come to call Merge — a social networking app that allows college students to instantly compare schedules — designed to make meeting up with friends quick and easy. Steinmetz and Alster enlisted University alum Josh Sklar and LSA junior Nathan Pilcowitz, an iOS designer, in April 2013 to bring the app to life. Now, students can use Merge to meet friends for coffee, plan group projects and find out what friends are up to.
The current version of Merge includes a buddy list that shows users which of their friends are available at any given time. Students can message available friends through the app, and create “events” to designate a time and place to meet. The app also has a comprehensive list of courses that students can add to their unique profiles. Steinmetz and Alster used public databases to load most course information into their app, while classes in the Business school and the School of Information had to be manually loaded. “Merge is for the busy, driven college student who wants to stay social, but wants to save a lot of time doing so too,” Alster said. As of the Fall 2014 semester, Merge had accumulated 1,500 users. They released a video on Monday to explain and promote the app. For now, Merge is a nonprofit endeavor. Steinmetz and Alster said their priority is creating a good product and increasing their user base. Until recently, they were paying out-of-pocket to get their idea off the ground. “We believed in the idea, but didn’t have all this money to spend on an app,” Alster said. “We figured if we could get an investor, it’d be worth it.” See APP , Page 3A
dropping on communication between a professor entering grades in CTools from his or her browser and the University’s server that runs CTools. It ensures no one else can modify the grades between the professor’s input and their registry in CTools and lets the professor know it’s really CTools, and not an imposter site, into which the sensitive information is being entered. The same principles apply to a student using Facebook. OpenSSL ensures information disseminated between one’s Internet browser and Facebook server is done so securely. But websites using the March 2012 version of OpenSSL have not been protected due to the coding error that — unknown until last week — has existed since the version’s release and has left scores of websites vulnerable for more than two years. While there are different security programs and versions available, The New York Times estimated the flaw in OpenSSL 2012 versions affects two-thirds of Internet sites. According to a study conducted Tuesday by Bailey and Alex See INTERNET, Page 3A
‘U’ to lead new nuclear monitoring coalition Grant program aims to modernize Non-Proliferation Treaty enforcement By TOM MCBRIEN Daily Staff Reporter
Terra Molengraff/DAILY Johan Mackenbach, professor and chair for the Department of Public Health at the Erasmus University Medical Center, speaks about health policy in European countries at the School of Public Health Wednesday.
International professors discuss healthcare concerns Speakers outline challenges of European health disparities By JULIA LISS Daily Staff Reporter
Two speakers gave a joint lecture Wednesday on international health policies at the University’s
School of Public Health, drawing around 40 graduate students and faculty. Johan Mackenbach, professor of public health at Erasmus University Medical Center in Rotterdam, the Netherlands, spoke of the recent divergence of life expectancy in Europe and possible explanations for such a trend. Mackenbach said the trends, which show health disparity based on national income gaps, are the result of a variety of
cultural factors. Using charts, graphs and other data to help illustrate his point, Mackenbach showed that periods of democracy had historically higher life expectancies, while periods of more chaotic political climates showed dips in the life expectancies. Mackenbach outlined 11 specific areas of focus for health policies, including tobacco control, alcohol control, child health See HEALTHCARE, Page 3A
Few scenarios are more terrifying than the possibility of a nuclear war or terror attack. But thanks to a federal grant, the University is leading a consortium that will develop cutting-edge technology and methods for nonproliferation efforts in the U.S. and worldwide. The University received a $25 million grant from the Department of Energy to lead the 13-university consortium in improving technologies for monitoring nuclear materials, developing new methods to detect secret nuclear tests, analyzing current nonproliferation efforts and training the next generation of experts in the field. Engineering Associate Prof. Sara Pozzi has been selected as the director of the program, which is called the Center for Verification Technologies. “There are threats from See NUCLEAR, Page 3A
the fashion b-side
An in-depth look at the SHEI student runway show at the ‘U’ » INSIDE WEATHER TOMORROW
HI: 59 LO: 34
GOT A NEWS TIP? Call 734-418-4115 or e-mail news@michigandaily.com and let us know.
NEW ON MICHIGANDAILY.COM ‘Game of Thrones’ RECAP: ‘Two Swords’ MICHIGANDAILY.COM/BLOGS
INDEX
Vol. CXXIV, No. 99 ©2014 The Michigan Daily michigandaily.com
NEWS......................... 2A SUDOKU.....................2A OPINION.....................4A
S P O R T S . . . . . . . . . . . . . . . . . . . . . . . 7A CL ASSIFIEDS...............6A B-SIDE ....................1B