Officials at the Canada Revenue Agency are so concerned about security risks to millions of Canadians residents it had shut down all online tax filing access. A newly discovered security vulnerability was recently discovered that could put the personal information of individuals and businesses at risk. The culprit that caused this drastic measure by the CRA is called the Heartbleed bug.
The Heartbleed bug attacks a vulnerability in the widely used OpenSSL cryptographic software. The weak spot affected includes the SSL/TLS encryption used to send consumer information over the internet. The SSL/TLS encryption can be found as the security device for such applications as email, instant messaging, and some virtual private networks.
The Heartbleed bug exposes information to the internet that can be accessed by anyone. It allows the protected memory information stored in the systems to be easily read. All this adds up to compromises of the secret keys used to identify service providers and those used to encrypt the traffic. Unscrupulous attackers can monitor private conversations, steal non public data from the services and or users, and even impersonate the services or the user.
Heartbleed.com is an organization that is getting out information to help battle the vicious virus. Using the bug allowed the organization to access vital information from itself. The attack was from the outside and was conducted without leaving a footprint. The “hackers” used no privileged information and supplied no credentials to easily spy on critical business documents, emails, user names and passwords.
The officials at heartbleed.com say that as long as the vulnerable OpenSSL is in use the system is readily available for further attacks. The new Fixed OpenSSL was recently released and seems to be the answer to fighting heartbleed. The attack will cause all operating system vendors and distribution, appliance vendors, independent software vendors to change over to the new software and notify all end users. Service providers have to install the fix when it becomes available and pass the install on to all their customers.
Since the virus has attacked many major portals such as Facebook and Gmail it is advisable to change all your passwords and vital information such as credit card numbers as a precautionary measure. The attacks on these sights was not known until recently but these companies are advising their customers to err on the safe side.