Heartbleed giving CRA & users heartburn

Three weeks from the tax deadline, the Canada Revenue Agency has blocked public access to its website. The reason: information shared between the CRA and the public is vulnerable to a bug known as Heartbleed.
It’s not a virus, but a flaw in security software. When you sign in to a secure website, like Facebook or online banking, your computer and the server constantly send signals back and forth, as if the connection itself were alive. IT people call it a heartbeat. This bug is a fundamental flaw in the design of a heartbeat that could be tapped into – and in effect, information could then bleed out.
Federal officials aren’t ruling out a more widespread shutdown of online services like the CRA’s.
“In respects to the CRA I think that was a pretty good move. They have a lot of information, a lot of private information.”
Richard Godsmark is the director of IT security at McMaster University. Today his department is working to address this issue in its software. He says that they learned about Heartbleed two days ago, and that as many as two-thirds of websites are vulnerable.
“I would suspect banking, email, most online things that have any kind of sharing of confidential or sensitive information which we do share a lot nowadays.”
Typically, a small padlock that appears on the task bar shows that these sites are secure, but this bug targets sites believed to be secure.
“That mechanism that has been used to protect that and provide that trust has been broken and that’s, I think that’s what’s going to be most concerning to the general public.”
Godsmark says that, once exposed, the problem can be fixed relatively soon. Google and Facebook say that they have already patched the bug, and the CRA expects to be up and running by the weekend. Also, most bank websites have a security guarantee posted on their home page.
Richard Godsmark says the best way to protect yourself now is to change your passwords.
It’s important to make the new password strong. He recommends more than eight characters, not a word from the dictionary; use both upper and lower case. Also, it’s a good idea to change the password every six months.
At this time, it’s not known whether Canadians’ private information has been compromised by hackers, or how many people are affected. The Canada Revenue Agency says it will not penalize anyone who is affected by the shutdown.