Unless you’ve been living under a rock you’ll know what Heartbleed is. For those who need a quick refresher it’s a bug discovered in OpenSSL software. Basically it’s a line of code allowing people to read encryption data like passwords, logins and private information. Not good, right?
Consumers and computer users are obviously fairly freaked out when a major security issue makes headline news. It becomes particularly hard when you get conflicting advice. The first news reports told people to change their passwords immediately. The second response told them to hold off because they could actually do more harm than good. Facebook and Google told reporters they had developed a “patch” (a diversion, essentially to bypass the errant code) and therefore users did not need to change their passwords. However reports suggested changing passwords before this was done could expose both the new and old passwords to malicious users.
Confused yet? The advice from the BBC is their round up when they spoke to various specialists is that over the next few days we should all think about changing our passwords.
This is what some security analysts have described as an 11 on their scale of 1-10 of the bad things that can happen on the internet. It’s a serious breach and it’s understandable that people are a bit worried. But the biggest issue comes with a lack of clear and concise information that’s easy to understand.
Imagine if you had just installed a new intruder system at your home. A couple of weeks later you’re sitting at your desk in work and you get a text from the company that installed the system. They tell you they think someone might possibly have broken in and you should race home. Just as you’re throwing yourself into your car they text you again to say actually if you go home you could be putting yourself in danger so you’re probably best staying exactly where you are. How would you feel? Pretty irritated and frustrated and not at all safe.
When big internet giants send out misleading information it makes it look like they haven’t checked all the facts, especially when the message gets changed a few hours later. People want to get the right information, not a half answer that could throw them into danger.
There’s also a major issue because while a lot of people might spend a huge portion of their life online they don’t fully understand all of the technology and security systems involved. Whether that is right or wrong it emphasizes the importance of internet providers and those in the know to spend time educating their customers. Ignorance is not bliss and we all need a little hand-holding when we’re scared that we might have been the victim of a security breach.
The cloud is a wonderful thing and we’ve talked a lot on these pages about how it has revolutionized business and services. Yet looking after a third person’s data is a huge responsibility and no one can take that responsibility lightly. And this week, when you get round to it, change your passwords. You should be doing it regularly anyway.