Published Sunday, April 13, 2014 6:43PM EDT
The Heartbleed bug was discovered last week, but it appears to have gone undetected for years.
Heartbleed is a glitch that affects open-source software, which is at the centre of applications used to encrypt internet communications.
It can reveal the computer’s memory, including passwords and credit card numbers.
It can also allow hackers to impersonate other servers.
It’s still unclear exactly how many websites may have been compromised.
“Because it leaves no trace, hackers can be at it all day long collecting data,” Internet security expert Terry Cutler said.
The CRA decided to shut down its web services to protect Canadians from any information leaks that may occur.
“The biggest problem we’re going to see now is that people aren’t going to trust what they are doing online, banking or online transactions,” says Cutler.
Each website has to repair the glitch itself, which could take days.
Cutler says there’s a way to check if the site you’re using has been compromised. A downloadable plug-in called Chromebleed will check if the website you’re visiting is still vulnerable to the glitch if you browse the web using Google Chrome.
Internet users should change their passwords only if they know the website they’re visiting as fixed the problem.
Now that the CRA website is back up and running, people can go online and file their taxes.
Because of the outage, the deadline to file has been extended to May 5.
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.
Latest posts by tcutler (see all)
- Cops warn of scammers using fake claims of tax refunds - April 17, 2017
- How to know if you’ve been hacked - April 16, 2017
- 47 year old man arrested following Concordia University bomb threat - March 2, 2017