Programming World Stunned By Bug
By Allysa Faye Greganda
It’s time for tech companies to fund a team that constantly checks the strength of everything that is on the internet. These days, we depend on the internet for half of our lives. We enjoy its benefits, but surely no one wants to be victimized right at their own fingertips.
Out of the 7 billion people alive as of this moment, 2 billion are actively using the internet. You are actually one of those 2 billion people who risk personal information, transaction records and confidential details with an average of 30,000 hacking attempts every day. The figures do speak of something. But the question is, how sure are you that you’re not a part of the 30,000 incidents per day?
We are not new to the tactics of hacking—the stealing of data that can possibly be used to access bank accounts and whatnot. There is a long history of serious hacking incidents that have caused companies to shut down and lose millions of consumers. Take Mt. Gox as the perfect example. This is the world’s largest bitcoin exchange company, and it was hacked for $450 million some months ago.
To hack a website or a person’s account, it usually requires direct contact and the person unknowingly giving permission to inject a virus that will get through the encryptions. Just weeks ago, the internet community was stunned when three engineers discovered the Heartbleed bug that’s been in existence for two years already. No programmer has ever thought that a bug, a simple programming error, can be the biggest flaw in the history of the internet.
World Weak Web
On April 3, 2014, engineers from Codenomicon and Google found out about this serious hole in the internet. For the non-techie’s information, the internet is a virtual world. There are a lot of places to visit there, and these are called websites. Each website has its TLS (Transport Layer Security) protocols to filter information, and to keep and protect it. Using this method keeps our personal details from being stolen by hackers. But why is it vulnerable to attack if TLS is supposed to secure information?
The hole in the websites came from software called OpenSSL. This software is an implementation of TLS. In other words, OpenSSL is like an operating system used by website hosts. This software is created by a group of programmers and is offered online for free. This is the only available software for TLS. That is why 66% of websites, according to Netcraft’s April 2014 Web Server Survey, use OpenSSL. And this 66% has been using the latest version of OpenSSL, which was recently discovered to have contained vulnerable code for a span of two years, since its release in 2011.
Because it is the only available software, even less-visited websites use it, including government websites in the Philippines. Yet no one knows if someone noticed the bug earlier. Someone could have, but the person never reported it because he might have taken advantage of the weakness. There are many rumors about possible abuses made before the bug was discovered, yet those were not proven.
Debugging The Problem
The good news is, 33% of websites in a span of two years were safe from the vulnerability, especially the most-accessed social networking sites like Facebook, Twitter, Pinterest, Google, Yahoo and others. The other good thing is, OpenSSL was able to release a solution, a patch file, just a week after the report to cure the problem. It was announced that the internet community is safer, but not totally until everyone has updated their TLS. The least a normal user can do is to change passwords as frequently as possible. Users should always countercheck whether the websites they are trying to access are safe enough to engage with. We should also keep updated if any new mode of attack is spreading.
This incident should be taken seriously. Hacking is illegal and is considered a serious crime. We should not be relaxed about it because a number of victims were caught unguarded. Hackers break into systems for personal, and often criminal, reasons. Everyone should get involved. Google and Facebook are just fortunate enough to hire skilled programmers to defend their systems from intruders. But how about the others?
How about the safety of the entire community? Since the internet is a virtual realm, then just like in the real world, there must be a team to ensure the security of the netizens. There is always a tendency to commit human error. However, two or more heads are better than one, as they say.
(The author is a graduating student of AB Communication in the University of Perpetual Help System Laguna. She is currently working as an intern for OpinYon.)