by SlotCarCorner » Fri Apr 11, 2014 6:14 am
You're right - from an academic standpoint, there is no such thing as 100% certainty with anything related to computer security. The old adage, "You don't know what you don't know," certainly applies to computer security - Heartbleed is just one example. At any given point in time, there are similar threats - new viruses and security holes are introduced every day. I'm not downplaying Heartbleed; however, I think the media has blown it way out of proportion. Do a Google search on "Heartbleed" and you will see literally thousands of hits. At least 99% of them are journalists and self-proclaimed know-it-alls who are suddenly computer security experts. Many have no clue what they are talking about - just cutting/pasting information about Heartbleed they found somewhere else and perhaps embellishing it a bit. Why - what is their motive for doing this? Simply put - they want to drive traffic to their website (many generate advertising revenue this way) and the more sensational they can make something appear, the more traffic ($$$).
If things are as bad as you describe, the only rational solution would be to shut down the internet until somebody comes up with a solution for 100% of the servers connected. This simply is not practical and as fast as you "fix" one problem, there are 10 new ones to take its place. As new threats are identified, companies take steps to mitigate or eliminate them. In many instances, they can do so proactively but in cases like Heartbleed, they have to "react". As Ember stated previously, you need to take reasonable precautions and live your life. Are there still servers out there that are vulnerable? Sure there are. Will some of those servers be exploited? Probably - and rest assured the media will jump all over it when/if it happens.
Now suppose there were only 2 servers on the entire internet. One is running a version of OpenSSL that is vulnerable to Heartbleed and the other is not. Now suppose you're a hacker and you want to take advantage of Heartbleed. You can very quickly determine if a given server is running a version of OpenSSL that is vulnerable. Which server are you going to hack? Most would-be hackers are going to follow the path of least resistance. Now if the Chinese government wanted to hack the second server, could they? Sure - but they wouldn't use Heartbleed to do so.
Slot Car Corner, like many other businesses (Google, Yahoo, Paypal, Facebook, etc. etc.) has taken the time to do some due diligence, ensure the proper controls are in place, and reassure our Customers that we are open for business. And for the record, we're not losing sleep over the Chinese government hacking Slot Car Corner. Given the steps taken to address Heartbleed (and the attention from all the media wannabe security experts...), I am FAR more concerned about other threats I am not aware of.
Peace...
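The post above says an attacker can "very quickly determine" whether a server runs a Heartbleed-affected OpenSSL. The quickest remote hint is the version a web server advertises in its HTTP `Server` header (Apache's mod_ssl appends `OpenSSL/x.y.z` when `ServerTokens Full` is set). The following is an added example, not code from the original post or from Slot Car Corner, that parses such headers and compares the advertised version against the affected range: OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1 (fixed in 1.0.1g; the 0.9.8 and 1.0.0 branches never had the TLS heartbeat code). The header strings are constructed samples, and the function names are my own.

```python
import re

# Matches e.g. "OpenSSL/1.0.1e", "OpenSSL/1.0.2-beta1", "OpenSSL/0.9.8y".
# Group 4 is the patch letter (a-z), group 5 the beta number, if any.
VERSION_RE = re.compile(
    r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?", re.IGNORECASE
)


def parse_openssl_version(server_header):
    """Extract (major, minor, fix, letter, beta) from a Server header,
    or None when no OpenSSL version is advertised."""
    m = VERSION_RE.search(server_header)
    if not m:
        return None
    major, minor, fix = int(m.group(1)), int(m.group(2)), int(m.group(3))
    letter = m.group(4).lower()
    beta = int(m.group(5)) if m.group(5) else None
    return (major, minor, fix, letter, beta)


def version_in_heartbleed_range(version):
    """True for the CVE-2014-0160 range: 1.0.1 .. 1.0.1f and 1.0.2-beta1."""
    major, minor, fix, letter, beta = version
    if (major, minor, fix) == (1, 0, 1):
        # 1.0.1 (no letter, or a beta) up to and including 1.0.1f
        return letter == "" or letter <= "f"
    if (major, minor, fix) == (1, 0, 2):
        # Only the 1.0.2 betas up to beta1 shipped the buggy heartbeat code
        return beta is not None and beta <= 1
    # 0.9.8, 1.0.0 and anything newer than 1.0.1f are not affected
    return False


def triage_server_header(server_header):
    """Classify a Server header string into one of:
    'advertises_vulnerable', 'advertises_unaffected', 'no_openssl_version'.

    Caveat (assumption about deployment practice, not something the
    header can tell you): distributions backport the fix without bumping
    the upstream version, so an 'advertises_vulnerable' result is a lead
    to follow up with a real heartbeat probe, not proof of exposure."""
    version = parse_openssl_version(server_header)
    if version is None:
        return "no_openssl_version"
    if version_in_heartbleed_range(version):
        return "advertises_vulnerable"
    return "advertises_unaffected"


# Constructed sample headers (not captured from any real host).
SAMPLE_HEADERS = [
    "Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f",
    "Apache/2.2.22 (Debian) OpenSSL/1.0.1e",
    "Apache/2.4.9 (Unix) OpenSSL/1.0.1g",
    "Apache/2.2.15 (CentOS) OpenSSL/1.0.0-fips",
    "Apache/2.4.9 (Unix) OpenSSL/1.0.2-beta1",
    "nginx/1.4.7",
]


def triage_all(headers=SAMPLE_HEADERS):
    """Return {header: classification} for a list of Server headers."""
    return {h: triage_server_header(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in triage_all().items():
        print(f"{verdict:24s} {header}")
```

The version string is only a triage signal: it is absent on most hosts (`ServerTokens Prod` is the common setting) and it overstates exposure on distributions that patched 1.0.1e in place. The authoritative check is to send a TLS heartbeat request and see whether the server echoes more bytes than were sent, which is what the public Heartbleed scanners do; the version check just decides which hosts are worth probing first.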