BreakThru News, Ep. 8: The 'Heartbleed' Bug


By Charlotte Thun-Hohenstein

“The biggest security threat the internet has ever seen” is how the ‘Heartbleed’ bug has been described. Hacking personal information from unsuspecting internet users is nothing new—it’s the sheer scale of this coding flaw that has earned it such a drastic reputation. Half a million websites are thought to have been affected thanks to a programming glitch in the OpenSSL software that supports a host of online operating systems. Passwords, usernames, and credit card details are all up for grabs until targeted websites patch their loopholes.

Heartbleed has highlighted several uncomfortable elements about internet security, not least of which is users’ apparent apathy toward the issue. Despite the bug’s rather sensational name and press coverage, a recent poll showed that only 23 percent of Americans actually checked to see if they were directly affected, and 38 percent changed at least some of their passwords.

Maybe this is unsurprising given the surreal reality that a user may have no idea they have been targeted until they, say, mysteriously lose vast amounts of money from their bank account. We are all still learning how to engage with this issue. But the bug also demonstrates our online safety’s uncomfortable dependency on forces beyond even federal control.

Robin Seggelmann, the man responsible for the coding flaw, is German. Even if he were subject to US legal proceedings, it’s unclear what level of liability would be appropriate, given that the glitch was apparently a “serious… but normal mistake.”

Furthermore, the whole discussion around cybersecurity is obscured by a great deal of shame and confusion on behalf of the companies supposedly in control, exemplified by Apple’s release of antidotes for affected hardware, having initially declared itself invulnerable to Heartbleed altogether. If cybersecurity can be understood along the lines of public health, then viruses seem equivalent to STDs: no one wants to admit to having one.

What can everyday internet users do to protect themselves? For now the message seems to be the usual: choose diverse and obscure passwords, change them when vulnerable, update software regularly. Beyond that, everyone is at the mercy of the companies and organizations administering the websites. Thankfully, Allan Friedman, this week’s guest contributor on BTN and co-author of Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press, 2014), seems surprisingly optimistic…

Video Credits
Host, Writer – Charlotte Thun-Hohenstein
Video Editor – Andy Morell
Script Supervisor – Matthew DeMello
Research – Tanya Silverman
Social Media – Molly Freeman
Editing – Dane Feldman

with guests – Allan Friedman