Get breaking news alerts via email

Click here to manage your alerts
Op-ed: ‘Heartbleed’ should give us all a jolt

The Washington Post

First Published Apr 14 2014 05:51 pm • Last Updated Apr 15 2014 11:19 am

Tens of millions of Americans have been affected by the theft of their personal information in the digital age. In a recent major data breach at Target stores, numbers and names were taken from about 40 million customers, and many millions more suffered compromises in other personal information such as e-mail addresses or phone numbers. The victims trusted their retail stores, their credit- and debit-card issuers, their banks, and such security measures as a four-digit personal identification numbers, to protect their information.

At least the credit- and debit-card system was somewhat understood by those who suffered in the Target scam, which siphoned data from the store card-swiping machines. Who understands the vulnerability of OpenSSL? This is a small piece of incredibly important software that is largely hidden from users. It protects encrypted data on Web sites and is in use around the world. Remember that little padlock you saw when you typed in a credit card number or personal information when making a purchase online? It meant "secure," or safe, right? Wrong.

Join the Discussion
Post a Comment

Last week, it was discovered that a bug had crept into OpenSSL that could allow intruders to read encrypted data contained in memory, such as passwords or credit cards. The bug has been called "Heartbleed" and could allow attackers to eavesdrop on communications, steal data and even impersonate users and Web services. Computer security expert Bruce Schneier called it "catastrophic" and said that on a scale of one to 10, "this is an 11." News about the bug has sent people racing once again to protect themselves and change their passwords to avoid further damage or loss.

If a tiny piece of malware could steal millions of credit card numbers at Target, or if a bug could make vulnerable the encryption offered by OpenSSL, then what should we think about whether it is safe or wise to control the electric grid via the Internet? We are living in an age of growing danger but reacting with complacency. The administration unveiled a useful initiative on Thursday, promising that sharing cyberthreat information among companies would not bring on antitrust liability. But this, and President Obama’s other measures, including his voluntary cybersecurity framework, represent only what is doable given a continued lack of a consensus in Congress and a failure in the private sector to take all threats more seriously. They are timid measures in the face of an epic heartburn that will be costly for us all.

Copyright 2014 The Salt Lake Tribune. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Top Reader Comments Read All Comments Post a Comment
Click here to read all comments   Click here to post a comment

About Reader Comments

Reader comments on sltrib.com are the opinions of the writer, not The Salt Lake Tribune. We will delete comments containing obscenities, personal attacks and inappropriate or offensive remarks. Flagrant or repeat violators will be banned. If you see an objectionable comment, please alert us by clicking the arrow on the upper right side of the comment and selecting "Flag comment as inappropriate". If you've recently registered with Disqus or aren't seeing your comments immediately, you may need to verify your email address. To do so, visit disqus.com/account.
See more about comments here.
Staying Connected
Contests and Promotions
  • Search Obituaries
  • Place an Obituary

  • Search Cars
  • Search Homes
  • Search Jobs
  • Search Marketplace
  • Search Legal Notices

  • Other Services
  • Advertise With Us
  • Subscribe to the Newspaper
  • Access your e-Edition
  • Frequently Asked Questions
  • Contact a newsroom staff member
  • Access the Trib Archives
  • Privacy Policy
  • Missing your paper? Need to place your paper on vacation hold? For this and any other subscription related needs, click here or call 801.204.6100.