We’re going straight….to…the wild wild west

So I’m sitting on the train, just going home after a long day at work. And this guy comes and sits next to me. Clean-cut sort of guy, wearing a suit that maybe isn’t quite the right size for him, but still it’s a suit. He’s also still wearing the nametag from the bank he works at.

Anyway, he sits next to me on the train and starts up a conversation. I’ve never met him before and I’m not used to random strangers just striking up conversations with me, so I’m naturally a little wary. Except like I said, he just looks like a guy who has also finished his day’s work and is on his way home.

And then as we approach my stop he says to me, he says “hey buddy, can I get your credit card deets?” and he says “deets” too, not details.

He’s shown himself to be a nice, well-spoken bloke – and he does have a nametag for the bank that my mortgage is with. So I reckon it’s legit, I say “sure” and I give him my credit card details.

And I hope that as we read the above paragraphs, we all think to ourselves “well Dave, that sure was silly behaviour. You shouldn’t just trust people you don’t really know like that. And you should certainly always be suspicious if it involves your money in any shape, way or form.”

And I say to you “exactly.”

The Internet isn’t different from the real world. We are suspicious of people who ask after our finances in the offline world, so we should be equally suspicious, if not more so, online.

The (admittedly clumsy) analogy I was obviously drawing was the phishing email you get that purports to come from your (any) bank and asks you to log in because something something security. And they work. Frighteningly often.

But that’s at the more obvious end of the spectrum. That’s where I, as a willing participant, have helped along the crooks and vagabonds by foolishly giving them my details. Is there another metaphor I can draw that brings slightly more complicated online issues out into the real world?

Last year was a bad one for Internet security. Internationally there were Shellshock and Heartbleed, two suitably catastrophic names for catastrophic weaknesses/exploits. And people were advised to go and change their passwords to Services XYZ.

Now imagine you had a keyring with 10 keys on it, one for each thing that you own that requires a key. Now imagine the keys on that keyring were 10 versions of exactly the same key. Then one day you’re walking along and a weakness in the metal of your keyring causes one of the keys to fall off, and out of nowhere a man wearing a black eye-mask and carrying a swag-bag swoops down and takes your key. He then follows you home and tries your key on your car, and he finds it works. Wonderful! But then he also tries it on your backdoor when you go out again, wow! It works again! Then he tries it on the safe behind the painting that you’d clumsily tried to hide, and from there he takes your family jewels. Now you’ve lost your car, your jewels and possibly your backdoor.

You’d tell people about this and they’d say “well it was foolish having 10 keys of exactly the same type that allowed him access to everything you own.”

You can see the obvious parallels here right?

When we go out, we lock the door with one key. And we might set the alarm with a different PIN. Then we unlock our car with another key, or a “beep beep” thingo, and so on. We have various ways and means of getting to the things that we think are desirable to others. Because so long as there is human nature, there will be people trying to steal your stuff. This is true online and it’s true in the “real world.”

Despite the bad coverage and sheer magnitude of people affected, online is a safe place so long as we side-eye it. There are plenty of options out there for making yourself safer online – complicated passwords, better still password lockers (like LastPass), 2-Factor Authentication etc. Always make sure you check the credentials of the people and organisations you’re dealing with.

If we look after ourselves online the same way we look after ourselves offline then we can go about our merry way, safe in the knowledge that we are doing everything we can to be safe and secure digital citizens and experiencing the best the Internet has to offer.