Heartbleed, Android and the cloud: nothing's safe and no-one cares

April has come and gone and it was another highly eventful month, especially for security-related news, as the three stories below demonstrate.

1. On New Year’s Eve 2011 a German programmer submitted some code to an open-source security project. It contained a flaw that lay undiscovered for more than two years, leaving millions of websites and web users at risk.

2. The most popular mobile operating system in the world – Android – is the target of more than 99 percent of all mobile malware, according to recent data.

3. Any data stored in a cloud service run by a US provider – which is most of the big guns – is accessible by US authorities with a warrant, regardless of location.

What do these stories tell us about the tech world? Nothing is safe, privacy is an illusion and most people don't really care. Let's examine the evidence.

I find something almost comforting in the story behind Heartbleed: there was no giant conspiracy at play (if there was, Snowden would have told us) or a massive failing involving layers of management at a tech giant.

Instead two well-meaning men made a mistake. Robin wrote the code, and another man, named Steve, approved it, and they both missed the huge flaw it contained.

It was then missed by security experts and coders the world over. That’s the really worrying bit. Still, the tech community has recognised that the situation needs improving and have promised to do more to stop this happening again.

The rest of the world went about its business. There were some who reacted as a result of the revelations, but I heard many friends and colleagues say, 'I can't be bothered to change my passwords,' and no doubt many millions more said the same.

Let's move on to Android. It’s a damning indictment of just how insecure the platform is that crooks see no point in going after anything else but Android. It may also be the most popular, meaning the hit rate should logically be higher, but Google really needs to up its game.

However, what’s stranger is that despite these sort of warnings and headlines appearing with regularity, the Android user base barely seems to care. The user base for the platform is growing massively and new phones running the OS arrive almost every week.

Maybe one huge issue will come to light that affects millions and sends them scurrying to iOS, Windows Phone or home-brew devices such as the PiPhone, but even then I doubt it. Once you are happy using a system you'll just shrug off the security concerns and get on with your life. Look at Windows XP.

Finally, let's look up at the cloud: a US judge reaffirmed what everyone thought anyway – any data stored in servers owned by US firms is up for grabs, with the right warrant. Microsoft and their ilk have always said they’ll challenge these types of ruling, but usually if the government wants the data, it will find a way to get it.

For most, the news will be worrying, but use of the cloud will not be affected. A few firms may decide against it, but most will be too tempted by the cost and management benefits it offers and push to the cloud.

Perhaps the answer lies in building a series of data centres that can float offshore in international waters, free from any government’s jurisdictions. Google has already floated such ideas before, and stranger plans are already in motion, so anything is possible.

For the rest of the web world, security is a hassle that they know they should do something about, but rarely do, and it's only after an event that those affected lament their careless ways. Terrifying headlines do little to change that.

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Cloud Computing
• Operating Systems
• Security
• Government
• Heartbleed
• Android
• Google