Heartbleed starts dialogue for the actual safety of online
By KRISTEN LAWRENCE
Two recent incidents seeded the public with suspicions as to how effective anti-theft measures are: the Target security breach that occurred late last year, and the University of Maryland data breach of this year.
The latest in this string of online security breaches is dubbed the Heartbleed bug, and it has the potential to cause a devastating amount of damage.
The Target security breach in 2013 compromised the credit card information of thousands of customers during the busy holiday season.
The store chain could now face class-action lawsuits from the banks that had to replace affected and potentially affected cards.
No less distressing was the breach of the University of Maryland’s systems that netted its assailants the secured records and social security numbers of over 300,000 faculty, staff and students who were signed up for identification cards with the school. The pool of people included those whose studies dated back to the 1990s.
PC World, an online news resource for technology, said the latest iteration, the Heartbleed bug, is the exploitation of a flaw in the OpenSSL key, which is part of the security certificate on popular sites such as Facebook and Yahoo.
It is used to verify that a client’s computer is not connecting with a fake website instead of the actual thing. An indication of OpenSSL functioning on a given website is a secured padlock in the address bar.
Fortunately, this exploit was discovered through testing by researchers, rather than through use by criminals, but there is still the question of just how secure any information is over the internet.
The frequency of online burglary is highlighted by these two major breaches in the span of only a few months, and the thwarting of a third possible avenue of attack serves to show just how flawed online security is.
Perhaps researchers were quicker to respond to another threat due in part to a deficiency of action by Target when the first breach occurred.
According to Reuters, the popular shopping chain declined to respond when the first wave of warnings about malicious activity went out. A moment of ignorance cost Target a fair chunk of their good reputation and the upward mobility of their stocks, with good reason.
In the case of the University of Maryland, the thieves in question had to jump through a number of hoops for a copy of the information they stole. “The Washington Post” reported that the information was locked behind several layers of security and was only accessible due to concentrated efforts.
Someone studied and planned for that heist for some time, which is worrying when we consider our own social security numbers and other sensitive information that we have shared with our own school.
It is fortunate that this most recent iteration of online hacking was foiled in its earliest stages, but it does not diminish the potential for another attack to occur at any moment.
Companies are just now starting to scan for weaknesses and flaws in their security programming, but we are still left to scramble and worry that the next breaking news will be of some breach that lost our vital information, if we have not already lost it before.
Companies need to step up their game, to hold themselves more accountable for the very real potential of malicious activity.
As customers of these banks and shops, and members of these schools and organizations, we need to be on the lookout and be mindful of the not-so-secure security of these places.