The real reason you should be freaking out about Heartbleed

A catastrophic security vulnerability gave the keys to just about everything to the surveillance state. Accident?

Topics: heartbleed, Security, Privacy, NSA, snowden, Edward Snowden, openssl, encryption, ,

The real reason you should be freaking out about Heartbleed (Credit: alengo via iStock)

There are many reasons to be concerned about “Heartbleed,” the catastrophic vulnerability in the Internet’s most popular security technology that was  disclosed on Tuesday. For one thing, it’s not even clear what we, as individuals, should be doing about it. At the Atlantic, James Fallows is strongly urging that we change our passwords to our most crucial online services right now. But other experts are advising that we should wait a day or two, until potentially compromised sites have upgraded their software. Otherwise, we’ll just be handing a new password over to an already-busted security system.

That’s nerve-wracking, but not quite as anxiety inducing as the speculation floated by Bruce Schneier, a longtime security analyst with impeccable credentials.

At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

By “odds are close to one” Schneier means that the likelihood that the Heartbleed bug has already been exploited by everyone from the NSA to to the People’s Liberation Army is close to 100 percent. But even more distressing is the notion that this might not have been an accident.



A year ago, most of us would likely have scoffed at such paranoia. But in the post-Snowden world, one in which we have proof that the NSA was covertly breaking into the communications infrastructure of companies like Google and Facebook, nothing seems impossible. Given what we know now, in fact, it seems almost inevitable that something like this would happen.

Presumably, a fair amount of investigation attention is about to be devoted to the question of how this particular bug ended up in the code for OpenSSL. It will be instructive to track that story. In the meantime, yeah, probably a pretty good idea to change your passwords. Perhaps more than once, this week.

Andrew Leonard

Andrew Leonard is a staff writer at Salon. On Twitter, @koxinga21.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 13
  • Close
  • Fullscreen
  • Thumbnails
    Clare Barboza/Bloomsbury

    Uncommon Apples

    Api Étoile

    Like little stars.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Calville Blanc

    World's best pie apple. Essential for Tarte Tatin. Has five prominent ribs.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Chenango Strawberry

    So pretty. So early. So ephemeral. Tastes like strawberry candy (slightly).

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Chestnut Crab

    My personal fave. Ultra-crisp. Graham cracker flavor. Should be famous. Isn't.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    D'Arcy Spice

    High flavored with notes of blood orange and allspice. Very rare.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Esopus Spitzenberg

    Jefferson's favorite. The best all-purpose American apple.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Granite Beauty

    New Hampshire's native son has a grizzled appearance and a strangely addictive curry flavor. Very, very rare.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Hewes Crab

    Makes the best hard cider in America. Soon to be famous.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Hidden Rose

    Freak seedling found in an Oregon field in the '60s has pink flesh and a fragrant strawberry snap. Makes a killer rose cider.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Knobbed Russet

    Freak city.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Newtown Pippin

    Ben Franklin's favorite. Queen Victoria's favorite. Only apple native to NYC.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Pitmaston Pineapple

    Really does taste like pineapple.

  • Recent Slide Shows

Comments

Loading Comments...