Wednesday, October 15, 2014

From POODLE to Snapchat: With security collapsing, can anyone save the Internet?



Even in an era where the latest hacks seem to come at a steady pace, the number of security incidents in recent days has felt both relentless and extraordinary.


The latest came Tuesday when Google security researchers announced they had discovered what could be a massive vulnerability in SSL version 3.0. They called it POODLE (Padding Oracle On Downgraded Legacy), thus giving the cutest name to an SSL flaw since the Heartbleed Bug made us all swoon.


Immediately, Mozilla and Microsoft addressed the problem in security alerts.


“All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability,” Microsoft wrote in a blog post. The company insisted that it would still be very, very hard for someone to actually exploit the flaw.


But such assurances are getting harder to swallow. This latest news came just as Dropbox was insisting that reports it had been the subject of a massive breach just weren’t true. Those apparently stolen login credentials? They came from somewhere else. Phew.


Same for Snapchat. The company said the 200,000 user accounts that were hacked were compromised via third-party services. Turns out, it was Snapsaved.com that was the culprit.


Not enough for you? Check out the massive hack that endangers the South Korean national ID system. Or browse through the list of big security updates posted by Krebs On Security that were released yesterday by Adobe, Microsoft and Oracle. Oh, and let’s not forget the Microsoft Windows flaw that apparently let Russian hackers steal NATO data.


And that was all just in the last couple of days. These come on the back of the massive J.P. Morgan hack. And the Apple iCloud celebrity nude hack. And so on, and so on.


For consumers, it is simply exhausting at best. And regarding the explanations of how they happened, well, most of these distinctions are lost on the average non-techie. What they know is that the bad guys are getting in and their stuff is vulnerable.


We have known in general, and the tech industry has known specifically, that we are under a growing siege by the bad guys. As more information goes online, and we are all more connected, the buried digital treasure is increasingly robust and valuable. As such, massive, well-financed crime rings and government-backed hackers are in an arms race to launch ever more sophisticated attacks.


Silicon Valley gets this. And as it tends to do, it smells opportunity to help fix the situation it did so much to help create.


According to CB Insights, cybersecurity startups attracted $1.4 billion last year in venture capital across 239 deals. The number of deals increased 19% from the previous year. And let’s not forget that big firms like Cisco Systems, Intel and Hewlett-Packard are spending big bucks to develop new products and to acquire startups to attack the security market. For the first time since the late 1990s, security is a hot thing.


And yet, even as customers spend more and more money on security, it feels like everyone is running faster and faster and we’re not even managing to stand in place.


Is it a given that we can never get ahead of the bad guys?


If so, then there is even bigger trouble coming. While people have been willing to tolerate privacy and security flaws, at some point it seems like this non-stop parade of attacks is going to blow a hole in their trust.


Imagine if people actually start to fear their smartphones, to cancel all their cloud services, to stop buying stuff online. Right now, virtually everything that everyone is working on in the tech industry takes to heart the notion that most people want to live increasingly connected lives.


Worse, many of these technologies and services are driving broader productivity gains and economic growth. If people decide they want to slow down, do less online, or put down their phones, then it’s going to create ripples felt far beyond the tech industry.


Silicon Valley needs to figure out how to change this dynamic, and break this cycle. Or it’s very possible that this place is headed straight into a ditch, and taking the Internet right with it.



