Heartbleed is a warning

One of the first things you hear about this generation is that people put their whole lives online.

Due to the recent online security mishap known as Heartbleed, everyone’s password for just about everything has potentially been compromised. Everyone from your favorite news source, to your favorite aunt has been telling you the changing your passwords will make you safe, but “ethical hacker” David Kennedy has a much better idea.  

I don’t know a lot about computer science but after some web searching here are the basics of what I learned: Heartbleed was a mistake in programming in a project called OpenSSL.

OpenSSL was created in the ’90s to prevent uninvited third parties from accessing personal information submitted to websites. The “Open” in OpenSSL is supposed to mean that any programmer can work on the project—the idea is that people will add to it, and others will double check it.

What it really means is that this project has one full time programmer, and a few volunteers, overseeing a program run on two-thirds of all websites on the Internet.

Sites like Google, Amazon, Facebook, and Tumblr all fell victim to this vulnerability. Even the FBI was at risk, which does not exactly inspire confidence in the security of the nation. The bug was added and distributed to the software over two years ago, and only discovered on April 7, leaving website users (i.e. you) extremely vulnerable.

All the information you submit to these website, under the guise of security and protection, were actually open for anyone smart enough to find them to see.
The problem is there are a lot of people smart enough to find them, and not all of them could be described as “ethical.”

There are too many people who know more about this technology than I do for me to continue to blindly trust that my information is being kept safe. If even government agencies are vulnerable to faceless criminals armed with nothing but a laptop, how secure are any of us?

This is where David Kennedy steps in. He says that the code isn’t the problem, it’s the passwords.

We trust a single code word to protect our out entire lives? Kennedy says they are an antiquated way of protecting our information, and I believe it. Especially given the tendency people have to name everything after their childhood pet.

In a world where everything is on the Internet, and anyone with know-how can access all of it, we need to keep our security separate.

Apparently, there are new technologies that allow much more extensive procedures in order to access personal information online. One example is as simple as an online and cell phone text confirmation. Another is as sci-fi as a bracelet that identifies the users heart beat.

Resorting to these measures may seem like something out of “The Matrix,” but honestly, with the government conspiracies and evil genius hackers already surrounding the Heartbleed debacle, I already feel like I accidentally took the red pill.

We all need to wake up to the realities of the digital world we live in, and be better prepared for them.

jordrile@indiana.edu
@RiledUpIDS