- Oct 23, 2012
- 12,527
- Heartbleed no longer affects Canada's govt sitesAfter an entire weekend of being shut down due to Heartbleed, Canada has announced that its tax-filing system is back online and in working order.
According to an announcement made by the Canadian government, all its public websites are up and running after some of them were disabled to reduce the vulnerability to the OpenSSL bug revealed last week. This was meant to make sure that hackers did not get access to sensitive information until the issue was patched up.
“Service has been restored to all publicly accessible Government of Canada websites,” announced Tony Clement, president of the Treasury Board.
The same Treasury Board made the executive decision to take down all sites belonging to government departments that could be affected by the flawed software.
Now, all federal government departments and agencies have been updated and have tested their OpenSSL software and certificates to address the discovered vulnerability.
“Individuals, businesses and representatives are now able to file returns, make payments, and access all other e-services available through the CRA’s website, including all our secure portals,” reads the announcement.
The problems may have been fixed now and the vulnerability is no longer exploitable, but that doesn’t mean that information has not been leaked.
Unfortunately for everyone, the bug made its way into OpenSSL about two years ago and has gone undiscovered until recently. The official announcement about Heartbleed was made last week, sending the world in frenzy.
Huge Internet companies scrambled to patch their sites to make sure that user data was safe once again, including Google, Yahoo and Facebook. Due to the nature of the bug, however, there’s no way of knowing if there have been any attacks on various servers because such actions leave no traces behind.
Had there been any traces left on servers, the bug would have been discovered a lot earlier.
Many have said that there must be some foul-play involved since such a bug was surely placed there intentionally. Although this did seem like a possibility, the developer that is responsible for Heartbleed says that he did not do this on purpose, but rather made a programming error that affected an incredibly sensitive area – security.
The fact is that OpenSSL is an open source program that is supposed to be safer because anyone can get access to it and review the code to find any imperfections. Somehow, this time around, such a thing did not happen and the entire system was put to risk.
