Late last week, you may have heard rumblings about a scary-sounding new software bug that has affected major companies across the world, including Microsoft and Cisco. In a headline, Wired declared that “The Internet Is on Fire”; the director of the U.S. Cybersecurity and Infrastructure Security Agency said the vulnerability is “one of the most serious that I’ve seen in my entire career, if not the most serious.” There are, according to cybersecurity writer Robert Graham, “over 10,000 products that have been identified as vulnerable, some very popular ones,” including Apple’s iCloud, IBM, and Amazon Web Services. Graham notes that folks who don’t work in cybersecurity ought not to panic because “the bug doesn’t threaten you personally nearly as much as it threatens services out on the Internet.” Still, Axios reports that the flaw leaves hundreds of millions of systems vulnerable to attack and that it’s likely we haven’t seen the extent of the damage from attackers yet.
I’m going to briefly attempt to explain (in excruciatingly reductive terms) what the bug is and why it matters. Then, I'm going to talk about what it says about the actual infrastructure of the internet. It includes a first-hand account of the ways the web we use is just barely held together.