Heart attack: how the Heartbleed bug confused the web world

The Heartbleed bug made the internet vulnerable to security breaches and crippling paranoia.

Hardcore tech news hit the mainstream this week, with news reporters across the world given the nightmarish task of having to explain to their brain-dead TV dinner audiences what the "Heartbleed" bug is, how it works, and why it's a problem.

Most of the advice given boiled down to "Change your password and don't use 'password' as your new password," as TV and newspaper correspondents battled to break down the SSL exploit into the simplest terms possible.

In short, Heartbleed is a problem with some secure servers that means hackers could potentially capture a snapshot of the server's memory, a snapshot that may just contain your pet-name-based password. Hence the worry.

Of course, it took about 0.002 of a second for the first comment to be left suggesting it's not a bug and is actually a secret NSA/GCHQ backdoor, designed so THEY can see which former friends you've been suggestively messaging on Facebook.

Ronald Reagan invented it

Wired actually invited the NSA nutcases in through the front door, asking in a headline whether the Heartbleed bug was what Edward Snowden was talking about when he suggested poorly implemented encryption is easy for the NSA to circumvent.

Reader Paul Noel is well up for a bit of conspiracy action, suggesting that the NSA's probably rifling through bank accounts stealing fractions of money from us all like in Superman III. In his own, questionable, words: "The NSA definitely sacked SSL. Worse yet the NSA is probably self funding itself by the stealing of money based upon this hack. This is probably one of the reasons the arrogant bastards go before congress acting like they are the master and senators and congressmen are the slaves."

To which commenter Muddy Road mixed his security platform metaphors in asking: "Well, a lot of bitcoins disappeared... who got them?"

In response to another comment by Mr Road about how the internet is based on insecure foundations, reader GaryisaBusyGuy responded: "There is no assurance of security when the people using the products do not understand the technology. At this point, very few people actually understand the encryption tools that they are using, so the 'promise' of a secure Internet 2.0 is just marketing hype."

The eyes have it

Beneath a pretty straightforward explainer on the Independent, Elliot Carver said what a lot of simpler folk are thinking, asking: "Surely in this day and age they can invent a device like a retina scanner built into your computer that would eliminate the need for passwords?"

To which Pobotrol replied with the chilling: "They'll come for your eyes!"

Maybe a security system based around scanning the prints on our little toes might be better. If hackers snip those off in order to ransack your PayPal account it wouldn't be as big a deal as being mugged for your eye with a teaspoon.

A more serious answer came from Amnesty, who asked the forward-thinking question: "And what would you do if someone were able to capture that information and present a digital copy of your retina? You can't get a new retina (excluding major surgery of course)."

Panic like it's 1999

Brace yourselves for this next one... We found something sensible on the Daily Mail. Reader Misfit was nonplussed by the media furore, commenting: "So much panic (remember Y2k?) and not one report of this bug being exploited. Most likely it wasn't discovered and now all the hackers are saying DAMN!"

The good work done by this lone bit of sensible thought was quickly obliterated half a page scroll further down the thread by user Salenthia, who baffled the rest of the readers with the prophetic: "I had a dream that a man in a nice suit inserted a disc into a computer and kept putting money inside his jacket, tons of money two nights ago, bizarre." Sorry, not prophetic. Pathetic. Stupid auto-correct.

Over on TechCrunch, much was made about how this was the first tech crisis that seemed to arrive complete with its own logo, brand strategy and FAQ. The fact this seemed to be prepared in advance is further proof that it's all part of an NSA backdoor scheme, with commenter Danny Kastner joking of the Heartbleed site: "It's an impressive page! And it looks like they had a couple years to work on the logo as the NSA ran amuck on everyone's servers!"

Terel Walker isn't impressed by the literal bleeding heart logo, though, scoffing: "If you think it took a couple years to work on THAT logo… you clearly don't understand graphic design."

No one understands anything any more, Terel. Clueless, angry, and chasing away computers with pitchforks is the new default.