Breaking News

How to protect yourself from the Heartbleed bug

The Canada Revenue Agency is this week notifying 900 taxpayers who it believes had their social insurance numbers stolen as a result of the Heartbleed bug that has affected hundreds of prominent websites.

The tax agency shut down public access to its online services on Tuesday, April 8, after it discovered that the Heartbleed encryption vulnerability had affected people using the CRA's website.

The social insurance numbers were stolen over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The agency is sending registered letters to those taxpayers who are affected, rather than emailing because it doesn't want fraudsters to use phishing schemes to further exploit the privacy breach.

The CRA website was brought back online on Sunday, April 13 after the CRA patched and re-launched its online services, including the E-file and Netfile online income tax portals.

People who were not able to file their income tax last week because of the website shutdown have been given an extra week to make the tax deadline. CRA has extended the filing deadline to May 5, 2014 before penalties apply.

The Heartbleed bug – which had made websites vulnerable for up to two years before it was discovered last week – gave hackers access to passwords, credit card numbers and other information at many websites.

Websites that were vulnerable to the bug include Google, Facebook, YouTube, Pinterest, Netflix and Blogspot. Users of those websites are being asked to change their passwords.

The Better Business Bureau of East Kootenay is going one step forward and suggesting that consumers change their passwords on all sites they use, particularly those that retain personal identifying information.

The bureau is providing the following guidelines:

• Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.

• Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password. The bureau suggests choosing passwords that are phrases (for instance, ilovetofish) and making each letter O into a zero to make the password more complex. Look into password management software to help you keep track of really “long and strong” passwords.

• Unique account, unique password: Separate passwords for every account helps to thwart cyber criminals.

• Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.

• Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s okay to limit how and with whom you share information.

For businesses, the bureau is recommending that they immediately check to see if their website uses the Open SSL program that has been hit by the Heartbleed bug. If a vulnerability exists, work with a computer professional to install a more secure SSL program on the website.

For more information and other consumer tips, visit bbb.org.

 

With files from Jeff Nagel, Black Press

We encourage an open exchange of ideas on this story's topic, but we ask you to follow our guidelines for respecting community standards. Personal attacks, inappropriate language, and off-topic comments may be removed, and comment privileges revoked, per our Terms of Use. Please see our FAQ if you have questions or concerns about using Facebook to comment.

You might like ...

And then there’s the ferry
 
New Westminster Mayor Wayne Wright rides off into the sunset
 
GUEST COLUMN: Clean coal is an oxymoron
Offender back in police custody
 
New museum director
 
Prince Rupert LNG plant, pipelines get B.C. certificates
Winning riders
 
ELECTION 2014: Alberni votes for change
 
Digging up history

Community Events, November 2014

Add an Event

Read the latest eEdition

Browse the print edition page by page, including stories and ads.

Nov 27 edition online now. Browse the archives.