If you have heard in the news about the current big computer data security hole, often referred to as the OpenSSL heartbeat or CVE-2014-0160 you probably wonder how it affects you.
Well it’s been around for 3 years. Hackers have been able to eavesdrop on your encrypted communication. During all these times everyone told you that your bank is secure, your email is secure, as long as you use HTTPS and SSL. Just as FUD (Fear, Uncertainty and Doubt) can create an illusion of making the right decision, so can NGJ (Naive Gullible Jumpingtoconclution) also be an entrapment and give you a false sense of security.
You can believe HTTPS will protect you, when it is not, and you can think it helps to download a patch and install the openssl-library 1.0.0f and above. Sure, the known bug in the above CVE will be fixed for you – but there are other undiscovered bugs waiting to emerge tomorrow, in one month, in a year or in this case in 3 years.
Always use multiple layers of security. Don’t trust your data is safe just because some fucked up opinion that something is safe because it is theoretically safe. Always assume that out of 2 layers of protection, one are compromised and you do not know which. Use your own encryption on top of another encryption.
Banks, Corporations and Governments know this, and they are too stupid to let you know and/or to enforce good security.