A Civilisation Built Upon Software Isn't Safe

Untraceable but potentially devastating software bugs like 'heartbleed' show we need to be a bit more paranoid and a little less trusting when it comes to internet security, writes Mark Pesce.

Go onto the web to check your bank balance, order some cheap shoes from overseas, or pay some bills. It's something we do almost every day, without a second thought, because we're reassured by the cute lock icon in the location bar of our browser. It's the sign that this connection has been encrypted, hidden from anyone's prying eyes.

That's what the banks have told us. That's what the online retailers have told us. That's what all of the people who make billions from connected commerce have taught us to believe. A secure connection is invulnerable.

Or not.

On Tuesday morning, Australia time, internet security researchers announced the existence of the 'heartbleed' bug. Heartbleed exploits a bug in the encryption software running on computers used by banks and retailers, exposing to hackers all sorts of information that's meant to be completely secure - credit card numbers, passwords, even the keys used to encrypt the connection. With one of those keys, a hacker could create a fake e-commerce website that acts just like the real thing - down to the lock icon in the browser - using it to scoop up even more personal data.

You can read more here.