Let's not panic like it's 1999 as we clean up after Heartbleed ...

By Andrew Smith, The Open University

Take a moment to jump back in your mental time machine to 31 December 1999. It was the biggest New Year’s Eve for a thousand years. The dawn of a new millennium. But as we prepared to party, the world was also gripped by the fear that digital infrastructure was about to come crashing down around us.

For all we knew, the millennium bug would hit at midnight, causing untold havoc on the computers upon which we had come to depend. Those of us old enough to remember may have felt a similar sense of dread over the past few weeks as we faced the implications of the Heartbleed security flaw.
We were caught in the hype in 1999 and let others dictate what we needed to do. That left us vulnerable to people who wanted to take advantage. We should learn our lesson from that time as we deal with Heartbleed and as we approach the next big security glitch.

The apocalypse that wasn’t

The millennium bug, also known as the Y2K bug, was a real issue, a throwback to historical programming from the 1960s and 1970s.

For many years, operating systems, hardware, software and many other devices made their calculations using a two-digit date. The switch from 99 to 00 as the millennium came to an end meant that some systems, such as those used by your bank, would be thrown into immediate chaos. They wouldn’t know if it was 1900 or 2000.

The story went that many critical systems, including air traffic control, security control systems and financial systems all used date and time to assist humanity in completing their automated tasks. If they were confused about the date, human safety and security could have been on the line.
The millennium bug came with considerable hype and scaremongering in the press. Some outlets discussed the potential for planes to simply fall out of the sky. Whether you were around in 1999 or not, you probably know that this didn’t actually happen in the end.

But even though much of the hype was unwarranted, the millennium bug was a realistic concern. By 1999, the internet was popular across the world, even if it wasn’t the backbone of our very existence. Home computers were becoming a standard feature and many societies had become dependent on computer technology to support everyday experiences. Online shopping had already begun and many of us were already printing out tickets for economy airlines.

Cynics would say that some IT experts profited from Y2K, making a killing from the fear, hype and misunderstanding that surrounded it by selling advice and software to protect against the worst.
While Y2K didn’t cause total societal meltdown, there were still some problems. Some cash machines and card readers failed, for example, and were out of action for around two days. But many of the big issues it might have caused were addressed in advance of New Year’s Eve.

Learning the lesson

Considering the current media coverage of Heartbleed, you could be forgiven for thinking that we have not learnt from history.

Just as in 1999, the general public was heavily implicated. Up to 60% of websites were vulnerable to the Heartbleed security flaw, but users of those sites were left with mixed messages. Should they change their passwords? Was their bank, social network or email under threat? Would they be robbed? Would their identity be stolen? Is it the end of the internet as we know it?
As the media spread panic, people all over the world struggled to keep up. But now that we know we should probably change our passwords to be on the safe side, how many people have actually done it? Probably only a tiny fraction. Still, the internet has not crumbled. A security meltdown has not yet been reported.

For both Heartbleed and the Millennium Bug, the problem was real and issues have occurred for both. But with intervention from technical experts, the issues were both eventually resolved. While Heartbleed may linger for a little while longer, I doubt the Millennium Bug remains an issue.

Hopefully, Heartbleed has taught us all to be a bit more careful about our passwords and it should serve to prove that panic helps no one. On the other hand, the disasters averted in 1999 and 2014 should guide us as we start to look to 2038 – the year when the next big bug could hit our systems.
But maybe you should start thinking about 2038. This is the next date that could confuse our computers. It is a while yet before anyone should be concerned but it is still a mathematically likely issue.

In all technology reports, when you start seeing every expert saying different things, it can be difficult to know how to act. That is because collectively we do not yet know the extent of the problem. So the best thing is to stay calm, wait, and make an informed decision rather than react to the first piece of advice that comes your way.

Andrew Smith does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

This article was originally published on The Conversation. Read the original article.
