I assume most folks who use the internet have encountered at least one of the many recent news reports about the vulnerability in the SSL system which used worldwide to provide security on websites.
It seems that the entire internet, every website that uses SSL, is vulnerable and that the assumed “security” provided by it for passwords, credit card transactions, banking and every other private transaction has been fatally flawed for close to two years. All this time the entire online world has been living in a fantasy world in which our communications, financial transactions and every other “secure” operation has been totally UNsecure.
I work in the IT world for an internet retailer and I spend a goodly portion of my time dealing with security issues. Finding out that the underlying cryptographic foundation of the entire World Wide Web and internet commerce is not only flawed but has BEEN fundamentally flawed for two years is… well it’s hard to find the words… an alarm bell, a warning siren, a wake up call? It’s hard to come up with words to describe how disturbing it is at a gut level.
Internet commerce and communications is a world wide phenomenon. A large part of the financial, communications, industrial and business world is integrally tied into the internet to such an extent that it’s probably impossible to disengage from it without fundamentally restructuring all of those parts of the technological and industrial infrastructure. Some parts of the economy would simply cease to exist without the internet. And that entire growth has been based on the understanding that it was possible to conduct communications and transactions in a secure, protect fashion.
Now we’re told that one of the foundations upon which all of that is built not only doesn’t work properly but hasn’t worked properly for 2 years.
Oh it will be fixed. Indeed it has already been fixed and a replacement is available to correct the problem quite easily.
But it begs the question… if something so vital and fundamental to business, to industry and to communications could be so fatally flawed for two years without most of the world being aware… what other potential or possibly active flaw is sitting out there as a part of the internet of which we are also totally unaware?
We are becoming increasingly tied to and dependent on a system that has suddenly been revealed to have had a rather amazing flaw in its security. Will that make anyone stop and rethink increasing dependency? Will anyone reconsider whether it’s wise to increase that dependency? Will there be any discussion of the possible consequences of a future failure of that technology on our lives?
I’m not immune to it myself.
Yesterday, even after reading that story and checking to be sure we’re correcting the problem at work on our own websites, I placed an order online for a piece of bookbinding equipment after driving to a bunch of local stores and being unable to find what I needed. Even if I had found it locally I would have paid by credit or debit card which would have been processed… you guessed it… over the internet using the flawed SSL cryptography to their payment gateway.
I’ve been in the computer industry for 39 years now. The summer of 2015 will make it an even 40 years. I’ve watched the increasing dependence of the world on the expanding technological infrastructure and over the last 10-15 years I became at first concerned, later worried, more recently frightened until finally I’ve reached the point of acceptance of the fact that eventually that technological infrastructure is going to fail or break or be destroyed and the consequences are going to be catastrophic. Many people will survive it but a lot more, perhaps a majority in the industrial world, will not. I may not live to see it happen but I am as certain that it WILL happen eventually as I am that gravity works and that the sun will rise in the morning.
In 1859 a Solar Flare hit Earth and caused what is usually called the Carrington Event. It caused some fires at some telegraph stations, damaged portions of the telegraph network and created some remarkable Northern Lights seen almost as far south as the Equator. Other than those effects most people were unaware that anything unusual had occurred. The technological infrastructure was one that was, other than the nascent telegraph system, virtually immune to the effects of the EMP caused by the Solar Flare hitting Earth.
Today, as most of you know, an EMP of that magnitude, whether caused by a Solar Flare or a nuclear weapon exploded a few hundred miles overhead by a rogue nation, would utterly devastate the industrial world. Estimates are that 90% or more of the populations affected by the event would be dead within a few weeks to a few months. In the event of a Solar Flare EMP which affected the entire world the time required to rebuild technology and industry to today’s level would be measured in generations. Even in the event of a regional event caused by a nuclear device which left the rest of the world unaffected the death toll would probably still be well above 75% of the affected population and that regions recovery time would be measured in years, perhaps decades.
Despite all of those facts and the revelation this week of a fundamental flaw in the technological infrastructure nothing will be done to slow the industrial worlds growing dependence in that technology. Some meetings will be held, a few committees appointed to prepare studies which no one will read, a few talking heads on television will gain some face time, a few prepper retail sites will hold sales (how ironic is that?), a lot of news stories will be written and in a few days to a week the issue will disappear from the public consciousness to be forgotten.
Once again… Ignorance will be Bliss.
p.s. Two other news reports today caught my eye:
1. A Homeland Security study states that North Korea has the ability to launch an EMP attack at the U.S. with their existing warheads and missiles.
2. Kim Jong Un, the gentleman who controls North Korea’s nuclear weapons just had one of his “enemies” executed by flame thrower.