Tagged With heartbleed


Mega breaches often garner the biggest headlines. Target in 2013 signalled the start of this, but since then we've seen Yahoo!, our own Red Cross Blood Bank, the US Department of Personnel Management and others suffer data exfiltration either by malicious parties or through human error. But something more troubling has been happening and it has me worried. Many of the protocols we rely on are under threat.


When I started working in IT, back in the 1990s, our primary focus was on reliability first and performance second. Viruses were on the scene - Word macro viruses like Melissa were probably the most significant threat of the day. But as long as our anti-virus software was up to date things were pretty good. Then the world changed.


Dear Lifehacker, There seems to always be a new, threatening bug on the horizon that has the potential to break the internet. Last year is was Shellshock and before that it was Heartbleed. So far, the internet is still standing. Do I really need to be worried about all these bugs and vulnerabilities, or is this stuff tech companies need to care about? Can someone actually use these against me?


Take a moment to jump back in your mental time machine to 31 December 1999. It was the biggest New Year's Eve for a thousand years. The dawn of a new millennium. But as we prepared to party, the world was also gripped by the fear that digital infrastructure was about to come crashing down around us.


Heartbleed, the bug that has preoccupied thousands of websites and millions of users over the past week, may well have been the biggest security flaw in internet history but it is unlikely to be the last. Our entire security infrastructure is a mess because both ordinary people and elite security experts often harbour fundamental misunderstandings about security, design and privacy.