With bugs in the system how safe is the internet?

May 01, 2014 by Alastair Macgibbon, The Conversation
Popular web browser Internet Explorer the target for the latest security vulnerability. Credit: Flickr/Hash Milhan, CC BY

It seems hardly a week goes by without a major cyber security flaw exposed that could be exploited across millions of internet and mobile connected devices.

This week it was the Internet Explorer browser's turn with Microsoft warning of a vulnerability in the software that needs to be patched. Before that it was the Heartbleed vulnerability found in the Open SSL software used to encrypt communications between us and perhaps 60% of the world's websites.

NSW police warned this week that Eastern European gangs in Sydney have been busy conducting scaled skimming attacks against ATMs, stealing card data and PINs.

Before Christmas US retail giant Target lost control of millions of customer credit card details when point of sale devices were compromised after an attacker initially entered their corporate systems via an air conditioning and heating maintenance interface.

And diplomatic relations have been harmed – and cyber citizens infuriated – by mass data surveillance by governments exposed in files leaked by former NSA contractor Edward Snowden.

What does this tell us?

We increasingly rely upon complex software and hardware for our professional and personal lives. They run the critical systems upon which our society and economy depend and yet these connected devices are not as robust as we'd like to tell ourselves.

While some tech giants market themselves as the safer option, immune from cyber nasties, we should avoid falling for the hype: there but for the grace of God go they. In fact, it's more likely that they have been and are compromised, we just don't know of it yet.

For years Microsoft was lambasted as an unsafe operating system, when the reality was that criminals devoted considerable effort to breaking their product because it was on more computers and thus a bigger addressable market for those criminals.

Figures for March this year show Microsoft's Windows operating system has 91% of the market share compared to 8% on Apple's Mac with Linux users just 1.5%

As the mix of operating systems has become more complex, then exploits have become more common across the board. This is best illustrated by the growing list of malware specifically designed for Google's Android mobile operating system.

So many options for hackers these days and computer crime on the rise. Credit: Flickr/Jenn Vargas, CC BY-ND

No time to act

We are learning that some vulnerabilities are in the wild for years before being exposed, leaving attackers ample time to conduct their business. These "zero day" (as in defenders have zero days to prepare against an attack) exploits were once considered to be theoretical only, but are now commonplace.

Despite dire warnings of the end of the internet as we know it, both the internet and its users are more resilient than we give them credit for, and in many respects it is business as usual online.

But that doesn't mean we should be complacent.

We know that computer crime is on the rise and criminals have access to hundreds of millions of stolen credit and debit card information. We know that they have control of millions of computers where they can extract our private data, use our computers as spam devices, or as part of large scale "botnet" armies that can launch denial of service attacks against . We know that huge amounts of corporate intellectual property has been plundered and transferred, lessening the economic viability of those companies.

We should be heartened by the fact that there are honest people working feverishly to protect us: security researchers and technicians who keep building better mouse traps.

Police and regulators are doing what they can to track down cyber criminals while educating end users and companies about how to be safer such as the federal government's Stay Smart Online campaign. There are many responsible companies investing in updating hardware and software.

Like so many social issues though this problem won't be fixed any time soon. Perhaps it never will. But it won't all come crashing down around us either, in spite of some media reporting.

Beware of fear fatigue

There is always the danger that people become complacent as more and more security threats are reported so it's important to be aware of the risks and take note of any advice.

Operating systems in use - March 2014. Credit: Net Market Share

Simply asking people to swap to alternate software or systems is not always the best as it assumes those other options are safe. As I said before, are they safer?

So what's the best advice on how to get by in this threat environment?

As end users, we need to make sure we have unique and hard to guess passwords, and change them often. We should patch our software with updates as often as they are available. We need to use where possible.

When it comes to using the internet we must be careful where we visit on the web and whose email and other messages we open: just like in the offline world there are safer places to visit and people to interact with.

But we must also demand more products that are fit for purpose, just as we do with the safety standards of physical consumer products.

We should expect companies to understand the value of the business they do with us, and of our data that they hold in trust. Boards and CEOs need to care about this as much as they do about their brand.

Explore further: US warns on use of flawed Microsoft browser

add to favorites email to friend print save as pdf

Related Stories

US warns on use of flawed Microsoft browser

Apr 28, 2014

A US government cybersecurity watchdog warned computer users Monday against using a version of the Microsoft Internet Explorer browser with a security hole that could allow hackers in. ...

Heartbleed could harm a variety of systems

Apr 11, 2014

It now appears that the "Heartbleed" security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.

Which phone is most vulnerable to malware?

Apr 30, 2014

As each new computer virus attack or vulnerability comes to light, millions instinctively check their computer to see if their anti-malware application is up to date. This is a good idea and they are wise ...

'Heartbleed' bug a critical Internet illness

Apr 11, 2014

The "Heartbleed" flaw in Internet security is as critical as the name implies and wider spread than first believed. Warnings about the danger exposed early this week reached widening circles on Thursday, with everyone from website o ...

Recommended for you

US won't reveal records on health website security

Aug 19, 2014

The Obama administration has concluded it will not publicly disclose federal records that could shed light on the security of the government's signature health care website because doing so could "potentially" allow hackers ...

Premier FBI cybersquad in Pittsburgh to add agents

Aug 17, 2014

The FBI's premier cybersquad has focused attention on computer-based crime in recent months by helping prosecutors charge five Chinese army intelligence officials with stealing trade secrets from major companies and by snaring ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

eric_in_chicago
not rated yet May 01, 2014
q: "With bugs in the system how safe is the internet?"

a: "Not safe enough to surf with microsoft products..."