Heartbleed is serious

I’m not waiting for various businesses to contact me, I’m contacting them asking if they’re vulnerable and if so what’s the plan.

Changing your password is not a fix. Every site that is using a version of OpenSSL that has the bug has to be updated or patched. Obviously, the sooner the better.

Technical details here including the C code for the bug and the fix.

So far I’ve only heard from only a couple of very seriously technical sites, pubnub.com and oauth.io. It’s not clear if credit card companies, online stores like Amazon, banks and brokerage firms, are vulnerable, and if so how quickly they’re installing the patched software. We’re in that awful period where the vulnerability has been fully documented publicly. No one knows if any hackers were aware of the problem before it was discovered, but there is no doubt the bad guys know about it now.

This is one of the reasons why the Internet of Things hype is so scary. Right now, in 2014, our entire financial system is accessible through a compromised system. That’s bad enough. But what happens when our bodies are wired to the net. And our cars, homes, everything. It’s great to think about when everything is working and everyone plays nice. But if you know anything about software and networks you know that’s a naive dream.

Advertisements

About Dave Winer

Dave Winer, 54, pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in Berkeley, California.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s