rinue ([personal profile] rinue) wrote 2014-04-10 10:42 am

Heartbleed

I'm irrationally angry about the media response to the Heartbleed bug. (Or as I would argue, rationally angry.) Not the existence of the bug - exploits happen; it's inevitable. But the enjoinder once again to change all my passwords, a different one for every site, long and gobbledygook.

You know what? I have different passwords and different user names for everything. They're many characters long and use capital letters and asterisks and nonstandard spelling.

How much does this protect me from security bugs and backdoors, like, for instance, Heartbleed? Not at all.

(Also, how many sites do I actually keep secure data on? Not many. Hackers, you are welcome to see what manuscripts I have under consideration at what magazines and how many of my friends' Facebook photos I have viewed but not clicked "like" on.)

To put it another way, I don't walk around thinking that because my house has a lock on the door that nobody can break in the window. In fact, every time my house or car has been robbed, somebody has broken the window. Usually it has cost me more to fix the window than to replace the stolen stuff. When somebody breaks in, I call the police and my insurance company.

To put it another way, every merchant who has accepted my credit card has my credit card data and could run other transactions with it. I could change my credit card number every couple of weeks, or I could take the more reasonable, normal action of checking my statements at the end of the month, flagging the rare fraudulent charge and turning it over to the police. I also don't do business with credit card companies who don't indemnify me from fraud, which they all do because otherwise their product would be worthless: to act as credit, you have to be creditable.

To put it another way, anyone at all could sell a story and put my name on it, claim I directed their film, try to vote as me, and use my social security number - it's on all kinds of public records. I could panic all the time or I could realize that I'm not a very lucrative or interesting target, and that when that stuff happens either it doesn't hurt me or I find out about it and can fix it - by which I mean demand the fooled parties fix it. Because the burden isn't on me to prove that everyone in the world but me isn't Romie, and fraud has existed since the beginning of humanity. (Note the Biblical story of Jacob and Esau. It's in Genesis.)

We're in a post-password society. We don't have magic words and secret handshakes. That only works for kids' clubs, and the Internet is all growed up.
