Posted by: psilva | April 15, 2014

The Weekend of Discontent


This past weekend, like many of you, I started getting the blood curdling password resets from a bunch of OpenSSL affected sites. I also got a few emails from sites indicating that I had nothing to worry about. Bad news, good news. Probably the biggest security story thus far for 2014 is Heartbleed, the OpenSSL vulnerability which potentially allows attackers to extract 64 kilobyte batches of memory at random without being noticed and leaving no trace. Sounds like the perfect crime.

It also got me thinking.

First, I wondered if this was a new era of security by force. The vulnerability and the totality of the hole forced many of us to change passwords on many sites. What a pain. It was a huge reminder that no matter how many ‘experts’ urge regular password rotation, it is a real time consuming, frustrating task. It’s no wonder that so many keep the same password for years or use the same password across multiple sites. With so many sites requiring some authentication or verification for either resources or customization, people can have hundreds username/password combinations. Sure there are password keepers but part of me is reluctant to put all my web identities with one entity. What if that gets hit? There are just some sites that I chose not to save and auto-fill but enter it every time. Then, of course, I’m susceptible to key loggers. Great.

Then there are the developers. I imagine that this past weekend was the most worked ever by the entire coding community. Administrators across many sectors were working to patch vulnerable systems all over the globe to reduce the security threat. A massive undertaking to help fix over two-thirds of the internet. The weekend work of many fingers plugging dikes was probably only surpassed by the marketers and PR folks maneuvering their stories around what it is, what’s at risk, what you should do and other FAQs surrounding this security superstar. @LanceUlanoff speculated on twitter, ‘Is Heartbleed the first Internet bug with its own Web site? http://t.co/M9u976X9ui’

With so many sites and so many people affected along with the massive media coverage, will things change? Or will this be like Y2K with a bunch of dire warnings only to have nothing major occur? Is this a wake up call or will it dissolve into yesterday’s news as new ‘breaking’ stories grab our attention? I think (and hope) that this is so critical that many organizations will be taking a more detailed look at their security infrastructure even if they are not vulnerable to Heartbleed. It forces many, if not all internet users, including the administrators themselves, to take a look at how we are protecting ourselves. It’ll be interesting to see if ‘12345678’ or ‘qwertyui’ or even ‘password’ continues to be the most popular pass codes after this massive reset.

If you need assistance with your Heartbleed crisis, click here to learn how F5 can help.

ps

Related

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Advertisements

Responses

  1. I do not know whether it’s just me or if everybody
    else encountering issues with your site.
    It looks like some of the written text on your content are
    running off the screen. Can somebody else please provide feedback and let me know if this is happening to them too?
    This could be a issue with my browser because I’ve had this
    happen previously. Thanks

    • Sorry you are having issues but my browser renders fine. Thanks for reading though!! 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: