Nearest broker: Searching for a broker nearby…
Nearest broker: Sudbury Phone: (705) 523-2030 Penetanguishene Phone: (705) 549-7437 Ottawa Phone: (613) 733-3312 Parry Sound Phone: (705) 746-2441 Orillia Phone: (705) 325-4234 Kemptville Phone: (613) 258-5991 Eganville Phone: (800) 884-1045 Petawawa Phone: (613) 687-4805 Belleville Phone: (800) 361-0941 Winchester Phone: (800) 487-3706 Wellington Phone: (613) 399-3620 Trenton Phone: (877) 455-0299 Prescott Phone: (877) 504-3569 Picton Phone: (888) 475-2776 Peterborough Phone: (800) 958 2270 Perth Phone: (877) 248-1222 Pembroke Phone: (877) 399-3299 Oshawa Phone: (800) 887-7309 North Bay Phone: (705) 475-0001 Napanee Phone: (613) 354-2152 Morrisburg Phone: (800) 806-0746 Midland Phone: (888) 737-6465 Madoc Phone: (613) 473-5266 Kingston Phone: (800) 590-5422 Gananoque Phone: (800) 932-2131 Embrun Phone: (866) 853-4740 Crysler Phone: (888) 292-7098 Courtice Phone: (888) 761-0443 Cornwall Phone: (844) 463-3616 Cobourg Phone: (800) 895-5902 Carleton Place Phone: (888) 237-9517 Brockville Phone: (888) 345-8663 Brighton Phone: (613) 475-1430 Barry’s Bay Phone: (866) 845-2123 Barrie Phone: (705) 726-3350 Bancroft Phone: (800) 994-0036 Arnprior Phone: (800) 668-7337
Get a Quote
Open Menu

A bug that will give you a massive Heartbleed

Heartbleed: Security Flaw in OpenSSL. What does that mean?

Up until recently, the average internet user had never heard of the word Heartbleed with respect to computer security, even more so, OpenSSL. It now sweeps the internet, is one of the largest trending topics on all social networking sites, and is the top story in the news. I hate to put a CNN spin on this, but it is terrifying!

In simple terms, it leads to the leak of information passed between the server and the client. It allows the hacker to steal user names and passwords, instant messages, emails and basically anything stored in your computer memory. Furthermore, the hacker can eavesdrop on communications, steal data from service providers and impersonate users.

A team of security engineers at Codenomicon and from Google Security discovered the bug. The OpenSSL is the most popular open-source code used for encryption on the internet. This code is used by;

  • More than two-thirds of the active websites on the internet.
  • Many mobile apps
  • Email and chat servers
  • Virtual private networks
  • Hardware devices such as routers

As a user, we have never been so vulnerable before. What can we do to protect ourselves? We wait. Each service provider affected is required to first fix the flaw, secondly swap out potentially compromised security certificates for new ones, and finally notify the users. Changing your password before the fix is pointless, as Heartbleed will be able to see your new password too.

Pinterest was the first service to contact me with regards to changing my password. I received this e-mail message on my Android phone; both the phone and Pinterest are exposed to Heartbleed. I logged onto the popular interest site using my MAC and promptly changed my password. I waited, but nothing really happened. That is the crazy thing about this Heartbleed bug, it can attack your computer memory without you knowing it. There is no trace that it was even there.

Mashable put out a list of popular networks and websites that are affected, and the action required by you. Ironically, all the big guys are on the list, as they have generally upgraded to the latest encryption. The list includes the sites like;

  • Facebook
  • Instagram
  • Pinterest
  • Google
  • Yahoo

Canadian Revenue Agency

Also affected and not on the list are Android, Canadian banks, and the CRA. During this busy tax time, the CRA removed public access to the site temporarily as a precaution, and users were unable to file their taxes using NETFILE. This security measure was necessary to protect taxpayer information and allow the agency time to upgrade the encryption. Unfortunately, the CRA announced that Social Insurance Numbers of about 900 taxpayers were removed from their systems. Measures will be taken by the CRA to help protect those individuals affected from this breach. The Minister of National Revenue also announced an extension to the filing deadline for taxes beyond April 30, 2014 for “a period equal to the length of the service interruption,” therefore; individual returns for 2013 filed by May 5th will not incur penalties or interest.

For now, you might want to stay away from all sites identified as ‘vulnerable’.

On a go forward, you are advised to change your passwords on a regular basis, use strong passwords, and never to use the same password across multiple sites.

Next step, call your broker at McDougall Insurance & Financial to find out if you have identity theft on your home policy! If you have commercial insurance for your business, call your broker to talk about cyber-risk insurance to protect your business and your customer’s information.

Call McDougall Insurance & Financial at 1-800-361-0941

 

No comments found.
Anonymous User

Leave a Reply

Your email address will not be published. Required fields are marked *

You Might Want to Read

Meet the Dougallers: Rebecca Slaughter
Meet the Dougallers is back with Rebecca Slaughter who is part of our new office in Petawawa! We sat her down to find out a...
Welcome Burr Insurance to the Team!
Burr, is it cold in here? Not anymore, we are heating things up with the addition of Burr Insurance to the McDougall Insurance team! Burr...
McDougall Family Fund 2021!
Our McDougall Family Fund is back! Go to our Facebook Page for full details. What is the McDougall Family Fund Contest? This is our 8th...
Request a Free Quote

It’s simple and won’t take long.

Get a Quote800-361-0941

Person standing, looking down at laptop