Heartbleed heartaches: Do you trust the Internet?

I just don’t trust the Internet anymore as a place to do financial transactions, and I am betting a lot of other people feel that way. Not that I do much online business. But I am told that even if you never use the Internet, companies that you do business with use the Internet, and our transactions with them are probably recorded somewhere online.

In other words, the Internet reaches into our lives whether we like it or not — in myriad ways.

One could talk about a huge invasion of privacy here. And about just how unsafe the Internet is.

I’m thinking that business didn’t really look hard before it leaped into the Internet. I fear the Internet will implode as a place to do business, and thus go out of business itself — leaving many people holding the virtual bag. Pop!

Maybe I’m wrong. Maybe authorities will be able to make the Internet safe from hackers and thieves. Or maybe something so bad will happen that they will have to shut it all down — just like they banned all planes from flying for a while after 9/11.

Imagine a world without the Internet. Hey, I can do that. I remember when the Internet didn’t exist, and we all got along just fine.

But I really do love the Internet, especially social media and blogging. It really has made the world a global village.

Will a few rotten individuals spoil it for everyone else?

I hope not.

— Jillian

 

14 thoughts on “Heartbleed heartaches: Do you trust the Internet?”

  1. Banks still get robbed – should we shut them down?

    As long as people are involved, no security system will ever be completely safe. As a programmer, I have had an “oh, shit” moment or two when a program I was working on did something completely unexpected because an 8-bit buffer overruns with a 16-bit word from another program. As an example…
    Even NASA isn’t perfect, witness the loss of the Mars Explorer because one engineering team was working in metric units and another in English. “Missed the planet by that much”. (Maxwell Smart). So the OpenSSL programmers were not checking for the length of the “request” packet from the browser causing the server to return too much data. Who would have thought? As soon as exploits are discovered they are quickly fixed.

    Now, is it unsafe to do transactions online? I don’t think so and make thousands of dollars of transactions monthly. Banks and businesses rely on online transactions too much, and like any currency, it’s based on trust. If a bank or major business like Amazon did not make their customers whole after a data or funds theft, that trust goes away and they are out of business. Just look at the millions of dollars that Target has paid to compensate customers who *may* have legitimate damages from their Credit Card data theft last Christmas.

    I ramble….

  2. You should read Bruce Schneier more. Oh, and also the books of Cory Doctorow “Little Brother” & “Homeland”. They’re teen fiction but filled with reaaaally good information about encryption, privacy etc.
    Also, you should go more around EFF.org

  3. Trust has been lost, easy to lose, hard to regain…

    A few rotten scum have spoilt it but I am mostly in the garden now so…

  4. The Internet is a means of communication. In many ways it bears a passing resemblance to publishing, in that it allows folk to disseminate their ideas, but – as you know from your blog – it makes it so much simpler than having to print and distribute stuff on paper.

    There have been thieves for longer than there has been the written word. Perhaps even longer than there has been the spoken word. It is an unfortunate part of learning what it is to be a member of the human race to discover that there are some that don’t think they need to earn a living, but can take what others have earned whether by guile or by force. (And I don’t just mean governments and tax men.)

    The Internet is a set of protocols that allow us to use computer communications to exchange information with other people, and with computers acting for other people. By and large the only “authorities” involved on the Internet are those that define and implement those protocols, like the Internet Engineering Task Force and RFC 6101 that defines SSL, (the “Secure Socket Layer” http://tools.ietf.org/html/rfc6101), and the open source OpenSSL project (https://www.openssl.org/) that has implemented SSL in the form that has led to “heartbleed”. There is no-one in control of the Internet, and if folk are willing to develop open source software that is essentially free to anyone that wants to use it, then there are other folk that will make use of it. There are no guarantees as to the “fitness for purpose” of this open source shareware. “Caveat emptor” as they say, but if the stuff is free is there an “emptor”?

    That aside, I can’t see us giving up using the Internet, any more than I can see us giving up using speech, writing, printing, the telephone, or the other developments in communication that there have been over the last few millennia, even if the Internet is only a couple of decades old. The Internet has proven itself to be far too valuable to relinquish.

  5. “Also, you should go more around EFF.org”
    I was a founding member in 1990.

    “the open source OpenSSL project (https://www.openssl.org/) that has implemented SSL in the form that has led to “heartbleed”. There is no-one in control of the Internet, and if folk are willing to develop open source software that is essentially free to anyone that wants to use it, then there are other folk that will make use of it. There are no guarantees as to the “fitness for purpose” of this open source shareware.”

    The reason that SSL code is open-source is precisely because no one is in charge. If Google owned SSL, they could control the Internet. Open Source projects are peer reviewed before being released. Heartbleed is simply an error that made it through the cracks. Because SSL is Open Sourced – it is more secure than closed proprietary code simply because you have more eyeballs trying to break it.

    1. Steve, I know open source projects are peer reviewed. My contributions to the Android Open Source Project are peer reviewed by my colleagues at ARM first, then by the various domain experts at Google/Android before they allow it to be merged into the AOSP master branch.

      We know how massive and complex software is these days, and – with the best will in the world – the cracks still appear, despite all the “eyeballs trying to break it”. It just goes to show that we humans are fallible, and never manage to consider all the implications of what we do, no matter how hard we try. As we find and fix faults like Heartbleed then security should improve over time, but it will never be perfect.

      To be honest the general public is more at risk from “social engineering” scams than from the more technical problems.
