The latest worry about security and privacy on the Internet revolves around a damaging computer bug called Heartbleed.
Heartbleed is a threat that exploits a flaw in the encryption technology that is supposed to protect our email, instant messaging and electronic commerce. For years we’ve been reassured that if we see a closed padlock and “https” in the browser address line, then information sent over that connection is secure from hackers. Now it turns out that is not true.
The security flaw has the potential to wreak havoc on untold numbers of people in the most subtle and not so subtle ways, as it went undetected for more than two years. Worse, while other intrusions leave tracks behind to let you know information may have been stolen, Heartbleed works without leaving a trace.
The bug creates an opening in the encryption technology known as SSL/TLS. It means hackers could have intercepted Internet traffic even if the padlock were closed. The problem affects only the variant of SSL/TLS known as OpenSSL, which happens to be one of the most common on the Internet. It’s a scary proposition.
Experts have recommended people change their passwords, but have been unable to agree on when they should do so. Some have said right away, while others cautioned patience until affected websites patch the flaw. For the truly cautious, change passwords right away, then again after websites are patched.
The confusion has some worried people spending a lot of time on the site LastPass, a password management company that set up various Internet tools where consumers can check specific sites to make sure they’re safe.
But it turns out there’s more to worry about than major Internet companies like Yahoo and Amazon. Now, security experts are saying the potential for damage could extend to the inner workings of the Internet and the plethora of devices that connect to it.
That could include home routers and printers that have OpenSSL, the system exploited by Heartbleed, built into their hardware. Many home routers are configured to block outside traffic, making it less likely hackers will spend the extra time needed to steal passwords, but the ubiquity of OpenSSL makes for some potentially astounding ramifications.
Major retailers were the targets of hackers during the last Christmas shopping season, and personal informations on tens of millions of customers was stolen. Defense Secretary Chuck Hagel says China is ramping up its cyberespionage against the United States. A Senate report in February said government agencies are ill-prepared to guard networks against even average-level hackers. Now we have the Heartbleed revelations.
This latest scare should help every one of us understand more clearly how vulnerable we are in this Internet age. Last year, President Obama signed an executive order to address some concerns. The order promotes increased information sharing about cyberattacks between government and industry, but fell far short of the need for tougher cybersecurity.
The Internet revolutionized the way we conduct our lives, which is why it is so important that it be made safe and secure.