Share on Google Plus Share on Twitter Share on Facebook Share on LinkedIn Share on PInterest Share on Fark! Share on Reddit 1 Share on StumbleUpon 1 Tell A Friend (2 Shares)  
Printer Friendly Page Save As Favorite View Favorites View Article Stats   No comments

General News

The bigger threat is the National Security Agency: Despite Heart Bleed, the Internet’s Alive and Well!

By By Alfredo Lopez  Posted by Dave Lindorff (about the submitter)     Permalink       (Page 1 of 3 pages)
Related Topic(s): ; ; ; , Add Tags Add to My Group(s)

Well Said 1   News 1   Valuable 1  
View Ratings | Rate It

opednews.com Headlined to H2 4/16/14

By Alfredo Lopez


A wounded Internet exposes the true evil of the NSA ( by ThisCan'tBeHappening)

Some are calling it a "worst nightmare". There have been dire predictions that it represents the end of the Internet or that there is, in fact, no real Internet security or that Free and Open Source Software is dangerous to use.

One thing is sure. The week-old saga of the Heart Bleed flaw (or bug) and its potential exploits has shown more light on the Internet and its security issues than anything else in recent memory.

Like so much coverage of these security issues, however, this outcry is misdirected. In reality, the flaw gives us an excellent example of how the Internet works when it's at its best. How Free and Open Source software is developed, how prominent and important it is, how well its development system works and why security is, in fact, simple and possible.

It also shows how our government doesn't care about our security: ignoring major threats to the Internet and then apparently exploiting them to spy on us -- for as much as two years.

These are valuable lessons demanding that we understand what really happened.

The Heart Bleed flaw affects servers -- the machines that operate your Internet services: store websites, serve email and do whatever you need the Internet to do. It won't directly expose the storage or memory of your personal or home computer.

It is a flaw in the code of a library of programs called "openssl", the most popular programs for Internet encryption and security. Openssl works on most on-line credit card transactions, encrypted email, encrypted chat -- anything you do on-line securely. That ubiquity affects us all because we all, at one time or another, communicate with a server using openssl and many of us do that very often.

The flaw affects the RAM (random access memory) of a server. RAM is not disk storage. It doesn't hold all your data or all the data on a server. It's a part of a computer (most often on a circuit chip) that keeps a short-term record of what you just did so you can read what you just wrote or benefit from your interaction with a program you just interacted with. This isn't easy to understand because we're all used to viewing our computers as high-tech typewriters. But when you type a stroke into the computer, it doesn't automatically appear on your screen. It goes through the computer's processor and then into RAM so that the computer can then copy it from the RAM onto your screen.

RAM is lightning fast -- much faster than storage devices -- so it responds immediately. To be that fast, it must be relatively small and so information on it disappears quickly. If you're doing a lot on a computer, it often over-writes itself. In any case, it doesn't store anything permanently.

If you type something into an on-line environment (like a website form) that is supposed to be secure, openssl encrypts it and then sends it to RAM. For instance, when the server is checking your username and password to let you into a particular section of a site, it holds what you type in RAM while making its check.

That's where Heart Bleed comes in.

When your web browser (or any computer program for that matter) contacts a server, it exchanges an initial "are you there?" signal called a "heartbeat" (that's where the exploit's name comes from). The flaw in the openssl code allowed a savvy user to send a request to the RAM of a server using openssl and fool the server into not only acknowledging the request but handing over a portion of its RAM. Now the exploiter has data that could include username/password combos that were just typed in or credit card information that was in the process of being verified as well as all kinds of other information.

This affects the operations of most of the world's websites since security is so generalized on the Internet. What's more, it directly affects sensitive information (like encrypted messages and credit card information) because that's the kind of information we use openssl to protect.

It is a frightening and humbling development. If it had been discovered by hackers world-wide and then used heavily, this would have been a disaster.

Next Page  1  |  2  |  3

 

The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.

Writers Guidelines

Contact Editor

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Israel's Gaza Atrocities Recall America's Atrocities in Vietnam

The Case for Impeachment of President Barack Obama

Barack Obama: Manchurian Candidate Version 2.0

Free John Walker Lindh, Bush's and Cheney's First Torture Victim!

What Nobody's Saying: The Bailout Will Kill the Dollar

Comments

The time limit for entering new comments on this article has expired.

This limit can be removed. Our paid membership program is designed to give you many benefits, such as removing this time limit. To learn more, please click here.

Comments: Expand   Shrink   Hide  
No comments