This Heartbleed Bug is going to turn me into a hermit

this heartbleed bug is going to turn me into a hermit

Screw it. I’m done.

Someone buy me a rotary phone, a copy of the Yellow Pages, and a box of paper checks. Nothing online is safe anymore.

This is how I feel after dealing with the massive Heartbleed OpenSSL bug for the better part of a week. For two years, a majority of websites, mobile apps, operating systems, and Internet services we all use — and as a tech reporter I use way too many of them — have been open season for hacking, all thanks to a tiny error in a few lines of code in an open-source security protocol. All of our logins, passwords, credit card information, personal data — everything; it’s all out there and may have been for a while. Even Gmail was vulnerable. Facebook, too. The problem is so vast that we’re discovering new equipment and software every day that’s going to need patching and fixing. It makes Y2K feel like a fart in the wind.

The worst part is, there’s absolutely nothing we, as users, did to cause this, and we’re powerless to protect ourselves. We just have to sit here and hope we don’t die of this Heartbleed bug.

We shouldn’t call it a “bug” at all. It’s more like the horde of locusts from the Book of Revelation. Sadly, even the Bible was more optimistic than what’s ahead for the Internet. Those locusts only tormented the Earth for five months. I doubt we’ll be so lucky.

Security advisors are telling us crazy things like:

  • Don’t reset your passwords until services have been patched
  • Reset all your passwords once a service is safe, just to make sure
  • Don’t visit any affected websites
  • Don’t use any affected smartphone apps
  • Don’t make purchases online until this clears up
  • Call all your banks and services to see if they’re affected by this

The problem is that there’s no way to even know if a website or app is affected by this bug without using a search engine like Yahoo, Google, or DuckDuckGo (all of which were also hit by this bug), or downloading an app from Google Play (also affected). Most of us probably can’t find a phone number without a Web search. And the links you’ll find in these search engines might be to sites that are vulnerable themselves. Or you could find out from your email, which has probably been compromised itself.

Few companies are taking any real responsibility either. Google quietly admitted on its blog that any person with a phone running Android 4.1.1 is vulnerable to this problem, but didn’t say which handsets except admitting to DT via email that it “estimate[s] use of Android 4.1.1 to be at single digit percentages.” Sounds small, right? It’s not. There are more than a billion Android devices in people’s hands around the world, meaning anywhere from 10 to 100 million people have a phone that is open season for hackers. And those phones might continue to be exposed for months, until the manufacturers, then carriers, of said phones release an update, and those users all install said update. When are the patches coming? Who’s affected? We don’t know. No company wants to take any blame.

When every service is a potential landmine and you’re running around blind, what other option do you have?

I am positive that there are at least a few dozen services I use that are compromised by this OpenSSL Heartbleed bug. Yet I’ve received only two emails from these sites warning me. One was from a European AirBNB competitor called Roomarama (thanks, guys!) and the other was from a finance app called Manilla. Manilla wasn’t even vulnerable, but they sent me a note to make sure I check other services.

So thank you to Roomarama and Manilla for notifying your users directly about Heartbleed. You’re a lot nicer than Google, Facebook, Yahoo, GoDaddy, TurboTax, Minecraft, OKCupid, Tumblr, Pinterest, Instagram, Dropbox, BlackBerry, Etsy, Fandango, GrubHub, Hulu, Steam, Netflix, and god knows how many other services out there.

How in hell I’m supposed to think up new passwords for all these services? I don’t know.

According to a Symantec report, 552 million people’s identities were exposed by corporate or government data breaches in 2013 that weren’t their fault. In 2012, that number was 93 million. What will 2014 hold? Will we hit a billion? How many times will I have to change my passwords next year?

Today, I will browse the Web, use apps, and do everything I normally do. I have no other option. When every service is a potential landmine and you’re running around blind, what other option do you have?

I just want to give up, move to a cabin, see if I can grow a beard, buy a shotgun, and defend my gated dirt driveway the old fashioned way. Digital life is getting so complicated.

[Image courtesy of Jens Ottoson/]

Editors' Recommendations