To the individuals who have always feared the online world of banking, shopping and private email conversations: you are probably shaking your heads and saying “I told you so!” The Heartbleed bug is a wake-up call to the world that nothing on the internet is 100% secure.
What is it?
The Heartbleed bug is reported to have gone undetected for over 2 years. It is a fatal flaw in the OpenSSL cryptographic software library. It allows our most private information, such as user names, passwords, email communications and even credit card information, to be compromised: data that we assumed for the most part to be safe and secure. It is impossible to trace, and you may never know that you’ve been hacked. To make matters worse, this flaw allows hackers to steal encryption keys. Encryption sends data in a form that is unreadable to anyone other than the intended recipient, for whom the incomprehensible data is turned back into readable information. The padlock image you see in an address bar is a good indication that the site is using encryption software, which may have been affected by the Heartbleed bug.
Tax season isn’t usually anyone’s favourite time of year. But this year, we get to add the fact that online services such as EFile, NetFile, My Account, My Business Account, and Represent a Client have all been temporarily shut down. For those of you who have yet to file your taxes, CRA recognizes the problem and reported on April 9 that taxpayers will not be penalized as a result of this issue. That will likely change once CRA restores safe and secure access. Please visit http://www.cra-arc.gc.ca/menu-eng.html for updates on the Heartbleed bug.
How Can You Protect Yourself?
We should all assume that we have been affected. Mainstream recommendations are that all user names and passwords be changed immediately. Best practice suggests that real words not be used as passwords (e.g. holy cow), but rather a combination of letters, numbers and special characters (e.g. h0)l <m%8). It is also recommended that passwords be updated every 30 to 90 days. Please exercise caution. Many websites are still in the process of improving security measures, so you may end up changing a password on a site that is still vulnerable. What did we do before technology? Oh yes, pencils, erasers, and paper.