Nearest broker: Searching for a broker nearby…
Nearest broker: Tweed Phone: (613) 478-2532 Sunderland Phone: (705) 357-3916 Sudbury Phone: (705) 523-2030 Penetanguishene Phone: (705) 549-7437 Ottawa Phone: (613) 733-3312 Parry Sound Phone: (705) 746-2441 Orillia Phone: (705) 325-4234 Kemptville Phone: (613) 258-5991 Eganville Phone: (800) 884-1045 Petawawa Phone: (613) 687-4805 Belleville Phone: (800) 361-0941 Winchester Phone: (800) 487-3706 Wellington Phone: (613) 399-3620 Trenton Phone: (877) 455-0299 Prescott Phone: (877) 504-3569 Picton Phone: (888) 475-2776 Peterborough Phone: (800) 958 2270 Perth Phone: (877) 248-1222 Pembroke Phone: (877) 399-3299 Oshawa Phone: (800) 887-7309 North Bay Phone: (705) 475-0001 Napanee Phone: (613) 354-2152 Morrisburg Phone: (800) 806-0746 Midland Phone: (888) 737-6465 Madoc Phone: (613) 473-5266 Kingston Phone: (800) 590-5422 Gananoque Phone: (800) 932-2131 Embrun Phone: (866) 853-4740 Crysler Phone: (888) 292-7098 Courtice Phone: (888) 761-0443 Cornwall Phone: (844) 463-3616 Cobourg Phone: (800) 895-5902 Carleton Place Phone: (888) 237-9517 Brockville Phone: (888) 345-8663 Brighton Phone: (613) 475-1430 Barry’s Bay Phone: (866) 845-2123 Barrie Phone: (705) 726-3350 Bancroft Phone: (800) 994-0036 Arnprior Phone: (800) 668-7337
Get a Quote
Open Menu

A bug that will give you a massive Heartbleed

Heartbleed: Security Flaw in OpenSSL. What does that mean?

Up until recently, the average internet user had never heard of the word Heartbleed with respect to computer security, even more so, OpenSSL. It now sweeps the internet, is one of the largest trending topics on all social networking sites, and is the top story in the news. I hate to put a CNN spin on this, but it is terrifying!

In simple terms, it leads to the leak of information passed between the server and the client. It allows the hacker to steal user names and passwords, instant messages, emails and basically anything stored in your computer memory. Furthermore, the hacker can eavesdrop on communications, steal data from service providers and impersonate users.

A team of security engineers at Codenomicon and from Google Security discovered the bug. The OpenSSL is the most popular open-source code used for encryption on the internet. This code is used by;

  • More than two-thirds of the active websites on the internet.
  • Many mobile apps
  • Email and chat servers
  • Virtual private networks
  • Hardware devices such as routers

As a user, we have never been so vulnerable before. What can we do to protect ourselves? We wait. Each service provider affected is required to first fix the flaw, secondly swap out potentially compromised security certificates for new ones, and finally notify the users. Changing your password before the fix is pointless, as Heartbleed will be able to see your new password too.

Pinterest was the first service to contact me with regards to changing my password. I received this e-mail message on my Android phone; both the phone and Pinterest are exposed to Heartbleed. I logged onto the popular interest site using my MAC and promptly changed my password. I waited, but nothing really happened. That is the crazy thing about this Heartbleed bug, it can attack your computer memory without you knowing it. There is no trace that it was even there.

Mashable put out a list of popular networks and websites that are affected, and the action required by you. Ironically, all the big guys are on the list, as they have generally upgraded to the latest encryption. The list includes the sites like;

  • Facebook
  • Instagram
  • Pinterest
  • Google
  • Yahoo

Canadian Revenue Agency

Also affected and not on the list are Android, Canadian banks, and the CRA. During this busy tax time, the CRA removed public access to the site temporarily as a precaution, and users were unable to file their taxes using NETFILE. This security measure was necessary to protect taxpayer information and allow the agency time to upgrade the encryption. Unfortunately, the CRA announced that Social Insurance Numbers of about 900 taxpayers were removed from their systems. Measures will be taken by the CRA to help protect those individuals affected from this breach. The Minister of National Revenue also announced an extension to the filing deadline for taxes beyond April 30, 2014 for “a period equal to the length of the service interruption,” therefore; individual returns for 2013 filed by May 5th will not incur penalties or interest.

For now, you might want to stay away from all sites identified as ‘vulnerable’.

On a go forward, you are advised to change your passwords on a regular basis, use strong passwords, and never to use the same password across multiple sites.

Next step, call your broker at McDougall Insurance & Financial to find out if you have identity theft on your home policy! If you have commercial insurance for your business, call your broker to talk about cyber-risk insurance to protect your business and your customer’s information.

Call McDougall Insurance & Financial at 1-800-361-0941


No comments found.
Anonymous User

Leave a Reply

Your email address will not be published. Required fields are marked *


You Might Want to Read

Meet the Dougallers: Mark Runions
Did you know McDougall Insurance also offers Life & Financial services? Well we sat down with one of the experts here at McDougall Insurance, Mr....
Welcome McFarlan Rowlands Insurance to the Team!
We are pleased and excited to announce that we have completed our largest merger ever with McFarlan Rowlands Insurance Brokers whose head office is in...
Meet the Dougallers: Erin Hough
Put your hands together, Meet the Dougallers welcomes Erin Hough from our Belleville office! We wanted to find out a little more about Erin and...
Request a Free Quote

It’s simple and won’t take long.

Get a Quote800-361-0941

Person standing, looking down at laptop