Tuesday, April 15, 2014

Heartbleed - unveiling a curious quirk in humanity's heart

Well, this week's been interesting so far, ain't it? Look around the internet, and you'll see that the biggest news story of the week (nay, of the bleedin' decade) has been this heap big palaver about the Heartbleed bug. Yes, this was the week that the internet collectively cacked its pants, because... well, let's not play down the seriousness, Heartbleed is one of the worst security threats to ever hit the internet.

It is, in short, a clustersmurf of epic proportions. 

But - and this is a big but - the most interesting bit about the Heartbleed situation, for me, is that it illuminates one surprisingly prevalent trait of human nature: humanity's inherent propensity for running round like headless chickens, proclaiming that the end is very bloody nigh. And do ye know what? It's all evolution's fault...

I'll get onto that in a minute, but first... Heartbleed. Yes. It's nasty. It's not a virus (so ignore anyone who says it is), but a flaw in the OpenSSL security thingummies that a lot of sites (and some Android phones, and some broadband routers) use. In simple terms, it's a vulnerability that lets malicious types grab information from unpatched servers (hence why you need to change passwords, but why you also need to wait until a particular server - say Yahoo or Google, which have both been patched - has been fixed, because there's no point in changing your details while it's still vulnerable).

Yes, it's bad. Really very bad, in fact, but there's been a whole ton of misinformation spread about the situation since the news broke over the weekend. And why has there been misinformation?

Why yes! It's humanity's propensity to cack itself, and run round whimpering, at the drop of a hat! It's a weird one, that, because every single one of us realises, on a rational level, that you only get things solved when you stop panicking and get your backside in gear to actually solve it, so why do we keep doing it (and yes, I mean every human ever; training helps people to not panic, but the instinct is always there, as is that little blip of random, existential, falling-sky terror)?

Like I said earlier, I honestly believe that trait has a simple explanation, and it's all the fault of evolution.

Humanity is very good at seeing worst-case scenarios, y'see, and in this case, the worst-case scenario is "everyone in the known universe's identities being stolen, and the lives of everyone on the planet ruined".

Now consider our distant ancestors in Africa, where the worst-case scenario was "slide unhappily down a lion's gullet"; evolution selected for whatever genetic (or memetic/cultural; could go either way, this one, although the fact it's still hanging about today makes me think it could well be some genetic thingummy coding for a bit of the brain) trait made our ancestors more paranoid about worst-case scenarios, because if they weren't on guard for the worst-case, they'd end up (eventually) as lion poo.

Let's call it the CAN'T SLEEP EVERYTHING WANTS TO KILL ME instinct.

And thus, because there's never been any real evolutionary pressure for that instinct to disappear, we still cack our pants at the slightest provocation, and shout out to the world that danger is coming (it's especially humorous if we do that while having a friend called Will Robinson), because warning your mates (about Heartbleed, or bad weather if they're driving, or whatever) means that our mates don't get eaten by lions.

Heartbleed is our modern version of EVERYTHING WANTS TO KILL ME.

So, panic like this is natural, but - and again, it's a big but - raw panic is less than useful in getting things done, and this is why it's a good job plebs like me aren't in charge of fixing the Heartbleed situation (and it will get fixed, never doubt that, even though it'll take a metric arseton of work). Yes, you need to check that any sites you use have patched their servers, and yes, you need to change every single one of your passwords the second that the server it's used on is patched (again, no point changing it till the server's patched), but get past your inherent panic reflex, keep a calm head, actually get stuff done, and things shall turn out alright.

Until the next time, anyway, because when people say things like, "Security threats don't get bigger than this," I can't help but feel like they're tempting fate...

The ever-expanding and growing Cynos Union Series is available to buy now! Subscribe for more news from the world (and brain) of Mark W. Bonnett! 

No comments:

Post a Comment