Forgot your password?
typodupeerror
Canada Bug Government Security IT Your Rights Online

Canada Halts Online Tax Returns In Wake of Heartbleed 50

Posted by timothy
from the worse-than-a-syrup-heist dept.
alphadogg (971356) writes "Canada Revenue Agency has halted online filing of tax returns by the country's citizens following the disclosure of the Heartbleed security vulnerability that rocked the Internet this week. The country's Minister of National Revenue wrote in a Twitter message on Wednesday that interest and penalties will not be applied to those filing 2013 tax returns after April 30, the last date for filing the returns, for a period equal to the length of the service disruption. The agency has suspended public access to its online services as a preventive measure to protect the information it holds, while it investigates the potential impact on tax payer information, it said."
This discussion has been archived. No new comments can be posted.

Canada Halts Online Tax Returns In Wake of Heartbleed

Comments Filter:
  • Re:Idiots. (Score:5, Interesting)

    by Anubis IV (1279820) on Thursday April 10, 2014 @12:15PM (#46715269)

    Closing the door is easy. Taking inventory to figure out what was stolen takes a lot longer and could have major repercussions. If the thief made a copy of your keys, client data, or other sensitive information, you need to go through a lot more hassle. Suggesting this is a one-minute fix is horribly misguided, since applying the patch is merely the first step in a series of steps that are absolutely necessary to re-secure your system. Failing to do so would be like closing the door without changing the locks after having your keys copied.

    For instance, after applying the patch, you then need to replace your private key since the old one could have been compromised. And doing that means that you need to update your certs as well, that way people have your public key. If you're being responsible, you'll also want to revoke user sessions and prompt your users to change their passwords so that intruders can't pose as them and gain access to private user information. The list of data that could have been compromised goes on and on, and doing a thorough investigation into exactly what data was accessible from a compromised system could take awhile to accomplish and could mean having to go through a significantly more lengthy process to set everything right again.

Testing can show the presense of bugs, but not their absence. -- Dijkstra

Working...