Heartbleed Bug: Updating Your Security

The Canada Revenue Agency (CRA) temporarily shut down public access to its electronic services on Wednesday amid concerns that the system has become the latest victim of the Heartbleed Bug that is affecting businesses across the world.

“We have received information concerning an Internet security vulnerability named the Heartbleed Bug,” the agency said in a statement posted on its website. “As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold.”

The CRA expects services to resume after the weekend; however, the announcement has drawn attention to the scale of destruction this particular bug is leaving in its wake.

What is the Heartbleed Bug?

The bug was detected last week by Internet security experts in Finland and researchers at Google, but was only revealed to the online security community on Monday.

Its target is OpenSSL, the encryption technology that is supposed to protect your online accounts for e-mail, instant messaging and a wide range of e-commerce. The bug not only reveals the contents of a server’s memory, including usernames, passwords and credit card numbers; it can also expose copies of the server’s digital keys, which an attacker can use to impersonate servers and fool you into thinking a fraudulent site is a legitimate website.

The Big Banks

The key industry to use this technology is the banking industry; however, the Canadian Banking Association (CBA) has said there is no reason to be concerned.

“Banks have sophisticated security systems in place to protect customers’ personal and financial information, including encryption and other measures,” the CBA said. “As part of a normal course of business, the banks actively monitor their networks and continuously conduct routine maintenance to help ensure that online threats do not harm their servers or disrupt service to customers.”

That sentiment is echoed by all of Canada’s major banks.

Who is Affected?

The latest sites to be affected are Google Mail, Yahoo Mail, Bing, Amazon, Facebook, Instagram, GoDaddy, Intuit (TurboTax), Dropbox and the CRA.

Popular sites such as Mashable have also started to aggregate a list of affected websites, noting whether each has fixed the problem. LastPass has also created a URL checker that lets you check whether a site you use has been affected.

What you should do

Go against your automatic reaction. Do not log into any accounts you have on the affected sites. Security experts suggest waiting for confirmation of a fix from the company, because further activity on a vulnerable site could exacerbate the problem.

If you’re worried about an account, contact the company’s customer service team by phone to find out if they’ve been affected, and when they plan to fix it.

When you know that a fix has been made to a site that you use, change your passwords and any additional security questions associated with the account.

And remember, this bug will be around for a while, so keep an eye on those sensitive accounts, like banking and email, for any suspicious activity over the coming weeks, just in case.