The real reason you should be freaking out about Heartbleed

A catastrophic security vulnerability gave the keys to just about everything to the surveillance state. Accident?

Topics: heartbleed, Security, Privacy, NSA, snowden, Edward Snowden, openssl, encryption


There are many reasons to be concerned about “Heartbleed,” the catastrophic vulnerability in the Internet’s most popular security technology that was disclosed on Tuesday. For one thing, it’s not even clear what we, as individuals, should be doing about it. At the Atlantic, James Fallows is strongly urging that we change our passwords to our most crucial online services right now. But other experts are advising that we should wait a day or two, until potentially compromised sites have upgraded their software. Otherwise, we’ll just be handing a new password over to an already-busted security system.

That’s nerve-wracking, but not quite as anxiety-inducing as the speculation floated by Bruce Schneier, a longtime security analyst with impeccable credentials:

“At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.”

By “odds are close to one” Schneier means that the likelihood that the Heartbleed bug has already been exploited by everyone from the NSA to the People’s Liberation Army is close to 100 percent. But even more distressing is the notion that this might not have been an accident.



A year ago, most of us would likely have scoffed at such paranoia. But in the post-Snowden world, one in which we have proof that the NSA was covertly breaking into the communications infrastructure of companies like Google and Facebook, nothing seems impossible. Given what we know now, in fact, it seems almost inevitable that something like this would happen.

Presumably, a fair amount of investigative attention is about to be devoted to the question of how this particular bug ended up in the code for OpenSSL. It will be instructive to track that story. In the meantime, yeah, probably a pretty good idea to change your passwords. Perhaps more than once, this week.

Andrew Leonard

Andrew Leonard is a staff writer at Salon. On Twitter, @koxinga21.
