Huffpost Technology

Shane Paul Neil

Three Things We Have Learned From the Heartbleed Fiasco


The dust has at least begun to settle around the Heartbleed bug. The news cycle has spun forward, passwords have been updated, patches have been created, and a million articles and blogs have been written. While we are inevitably doomed to repeat this cycle (ILOVEYOU, Nimda, Storm Worm, etc.), it can't hurt to see what real news Heartbleed has brought to the light of day.

We are all vulnerable all the time

Open source, proprietary, apps, it doesn't matter. Heartbleed managed to touch anything and everything in its path. As security experts and code analysis tools like Checkmarx and Clang fill in vulnerabilities, everything that exists in the digital realm, including our money and identities, is constantly up for grabs. The sooner we come to grips with that reality, the better off we will all be.

The NSA does not care about you

Whether you believe the NSA was opportunistic or inventive, it's clear that they are not about your internet security. We all knew that the NSA lurked in the backgrounds of our email, web history and financials, but we all believed that they at least wiped their feet and closed the door behind them when they were done. Instead we learned that they are the equivalent of the babysitter who throws a make-out party in your living room while you are gone.

Unaffected corporations avoided Heartbleed in the worst possible way

Some of the companies who avoided the wrath of Heartbleed did so for one reason: they hadn't updated their software. A few weeks ago I had the opportunity to observe a panel discussion with several higher-ups of some very recognizable companies, including a tech firm and a financial management company. When asked about Heartbleed, at least one of them openly admitted that they were immune due to running older software. While this faux pas may have had a positive result this time, what are the chances that these lapses played a role in a host of other security breaches?

In the end, while none of this is great or new news, these have at best become manageable truths.
