The internet feels very much like an extension of my home. My own little corner of the internet is very much like the TARDIS: bigger on the inside than on the outside. Games, pictures, documents, notes, and friends all reside within a digital space that is both easy to access and conveniently does not fill up my shelves with junk. Unfortunately, the last week has pointed out that while the internet feels like home, many of us still leave the front door open.
I highly doubt anyone has managed to miss the news of the Heartbleed bug. The massive flaw in OpenSSL allows hackers to retrieve information from servers running this particular cryptographic software. Mostly it means stealing passwords and other information that will allow access to accounts, making it easier to steal more information. Heartbleed itself is simply another symptom of a larger problem, one that will only grow with time.
Security companies often point out the threat of malware and what it can do to damage us. Not a week goes by without one of the many antivirus and security vendors issuing a press release about the number of threats they have uncovered, or the name of the latest piece of malware that has been discovered.
Those stories pale in comparison with the more recent NSA spying scandal, where the United States government has been accused of spying on individuals across the globe. Malaysians were not spared from this network of intelligence gathering, and yet the issue is all but forgotten.
Both malicious hackers and government cyberwarfare units are generally after the same thing: information. While it is common for some of us to say that we have nothing to hide or that our information has no value to anyone else, the truth is that it is more about protecting our own privacy and personal space.
To be fair to the professionals who worked on correcting the Heartbleed bug and other less notorious vulnerabilities, nobody will be able to catch all the flaws in the code, especially in a project with limited resources like the open source OpenSSL, which relies on contributors and volunteers. The main issue at this point is convincing people to take their own security seriously.
Most of the tech-savvy community will undoubtedly have taken steps to change passwords that need to be changed. But even if this happens, how many of us use the same password for multiple sites? A single vulnerability exposes many accounts, whether or not they were involved in the original problem.
While many Malaysian banking sites were not directly affected by Heartbleed, it wouldn’t be too difficult to imagine that at least some of the passwords used to access bank accounts would be reused on another site that was affected. Which means that changing one password still leaves other accounts vulnerable.
There is some talk about doing away with passwords and using newer technology to help overcome the weaknesses inherent in using an alphanumeric string. However, that is not to say that using biometrics will be any safer. After all, these are still people writing the code, and people will not be able to account for every eventuality.
Two-stage authentication combined with multiple secure passwords is possibly the bare minimum required from internet users. However, the extra step that goes into accessing an account tends to cause users to avoid the hassle, all for the sake of convenience and expedience.
Admittedly, two-stage authentication doesn’t help much in the case of Heartbleed, but this particular bug is a very special case, one that future updates to internet security protocols will endeavour to avoid.
As technology begins to creep into every aspect of our lives, the responsibility for our own security increasingly lies with the user. We go to great lengths to ensure we remain safe in the physical world by locking our doors, installing security systems, and storing important documents safely. Why should our online lives be treated any differently?