Monday, October 13, 2014

Heartbleed, Shellshock and Co: Why the Internet to Participate must – Handelsblatt

Düsseldorf. Apartments near the beach on the Baltic Sea, a house with a pool in Croatia, a country cottage in the Bavarian Forest: the Internet portal, whose name shall not be mentioned here, helps in the search for comfortable vacation rentals. But anyone who entered personal data there in the last few months could be in for an uncomfortable surprise.

The operator of the German site closed only a few days ago the security hole that shook the Internet industry in April under the name Heartbleed. Attackers could steal supposedly protected data from the portal via a bug in the OpenSSL encryption technology, for instance when users wanted to reserve a holiday home.

This example illustrates a serious problem: open and free systems (experts talk about open source) are the main pillars of the Internet and are installed in millions of websites and online services. Nearly all businesses and government agencies use them, but give far too little thought to how resilient they actually are. This applies to OpenSSL as well as to the widespread Linux function Bash, in which a developer also recently discovered a serious security vulnerability called Shellshock.

Probably everyone comes into contact with open software, and does so every day: when you call up a website in the browser, for example, the data is probably delivered by a server running Linux and the Apache software. “Open source is very strongly represented in the network environment,” says Joachim Müller, who heads the IT security area at the Bielefeld management consultancy Ceyoniq Consulting. The same applies to routers and firewall systems.

Many companies also use openly available code so as not to have to program everything themselves. “You can only develop in an economically sensible way if you rely on seasoned products,” says Müller. This is especially true for something as complex as encryption, which is how OpenSSL has become a de facto standard.

Confidence in Linux & Co. is generally high. That is because the program code of open source software is open, so anyone can check and improve it. The promise is that the developer community jointly fixes errors and closes loopholes. Open source programs therefore have the reputation of being particularly secure.

But with swarm intelligence, the crucial question is: how big is the swarm? Heartbleed and Shellshock show that it is not always large enough. “As long as you can rely on others to invest, you don't have to do anything,” says computer science professor Christoph Sorge of the University of Saarland. This is the “tragedy of the commons”: common property sometimes invites irresponsibility.

