The press isn’t getting Heartbleed

This is like a slow-motion 9/11 — it really is that serious.

No one is alarmed. The companies that should be patching their servers are moving too slowly.

This is very much like the buildup to the war in Iraq when the media didn’t carry the real story.

Only this time there is a lot that we should be doing that we aren’t doing.

What we should be doing

  1. Locating and updating the vulnerable servers.

There is no number 2.

Changing passwords is security theater. It doesn’t fix anything: if hackers have access to your passwords, they have access to the new ones too.

What we should be doing: Specifics

In a comment below, I outlined a plan. I thought it should be in the post itself.

  1. First, I think we need leadership. Then we need to have a surefire way to discover vulnerable servers. You have to figure the hacking community is working quickly to figure out how to do this, if they haven’t already done so.

  2. Then we have to enlist the help of users in discovering those servers.

  3. A simple feature added quickly to all the major browsers that lights up when you’re on a server that’s not secure. And that event goes into a database, and that information is quickly shared with the owner of the system, when they can be located (some are not going to be easily located).

  4. Then again, if we had some leadership we could just isolate those systems. Cut them off the net, so that they can still be damaged but can’t be used to cause damage. Again I’m sure we’re falling behind the bad guys as we speak. Of course they aren’t running press releases. That’s probably the major reason the press isn’t carrying any of the urgent messages that need to get out there.

  5. A Kickstarter project that was immediately funded to do this work would be a good sign. Then we have to get the Netcraft people involved, and Schneier, and maybe a few other organizations that are good at communicating with programmers — O’Reilly, the developer programs at the big tech companies — Google, Apple, Facebook, Amazon, Microsoft, Twitter, Oracle, IBM, Salesforce, etc. Stack Exchange, Hacker News, Slashdot.

  6. The goal is to develop a communication system, quickly, to help locate and fix the vulnerable systems. And then brace for what comes next.

About Dave Winer

Dave Winer, 54, pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in Berkeley, California.