The recent discovery of the Heartbleed compromise has affected myriad online services and accounts. But many are confused as to how it began, what is going on now, and how safe online users will be in the future.
One important fact to note is that Heartbleed is a defect, not a virus, as Forbes writer James Lyne states in his article. The software defect is related to the Open SSL software code used for a number of online sources, "which means," writes Lyne, "that the code is available for anyone to review and for those handy with code to contribute to." It can be manipulated, and the information stored within its protocols can be retrieved.
This is not the worst of it, however. Lyne points out that "There are lots of tools and processes that would have turned up such a fault very quickly, yet it went unnoticed for an extended period of time and was adopted in to a staggeringly large number of places."
And of course, it gets worse. With the open-source nature of the program, one would expect that experts would be able to manipulate the software if there were problems. So why did this not occur? "Unfortunately, the project is very under funded and reviewed given the critical role it plays."
With the lack of accountability for its functions and the seeming absence of monetary support, how can users expect to entrust the entirety of their identity to the digital realm? For a service that is increasingly essential for the integrity of professional, economical, and social realms, how can one ever trust the Internet with the most sensitive collections of information?
"This is certainly not the first bug like this (though this was one of the more painful ones) and it is very unlikely to be the last." Vulnerabilities such as Heartbleed will always exist on the Internet. But will there one day be a defect, or even a virus, that completely wipes the digital slate clean and reduces our online way of life to nothing?
No comments:
Post a Comment