Menu

Topics

TV Programs

Connect

Local

your local region

National

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

Calendar

Calendar

Search

Quick Search

  •  
  •  
  •  
  •  
  •  
  •  

Trending Now

  •  
     
  •  
     
  •  
     
  •  
     
  •  
     
  •  
     

Add Global News to Home Screen

Instructions:

  1. Press the share icon on your browser
  2. Select Add to Home Screen
  3. Press Add

Comments

Want to discuss? Please read our Commenting Policy first.

Video link
Headline link
Advertisement
Canada

Blog replay: Experts answer questions about the Heartbleed bug

By Nicole Bogart Global News
Posted April 15, 2014 4:20 pm
2 min read
An encryption flaw now known as the Heartbleed bug has made a major impact on online security. The flaw has affected many online services and websites that Canadians access every day. View image in full screen
Have questions about the Heartbleed bug? Join our live blog Tuesday from 12 p.m. to 1 p.m. EST to have them answered. Graphic/Global News
Share this item via WhatsApp

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

Kellman Meghu, head of security engineering at Checkpoint Software Technologies, and identity theft expert Graeme McWaters took part in a live blog Tuesday afternoon answering questions about the Heartbleed bug and what might happen to those affected by the Canadian Revenue Agency’s website breach.

READ MORE: What’s affected by the Heartbleed bug and what passwords you need to change

Meghu provided insight into what exactly the Heartbleed bug is and why it is causing such a headache for online services.

McWaters shed light on the concerns surrounding the CRA’s website breach and how those affected might be at risk for identity theft.

Below are some highlights from Tuesday’s blog.

There was a delay between when the Heartbleed bug was revealed to the public and when the Canada Revenue Agency shut down its website. Do you think that put information at risk?

Meghu: “I’m afraid it would have been at risk. [The] CRA is dealing with many servers, it would take them time to validate all their systems, which means there was time for other people to discover it was open to Heartbleed as well.”
Story continues below advertisement

Is there anything you can do if your SIN was stolen?

Breaking news from Canada and around the world sent to your email, as it happens.

McWaters: “Report this to Services Canada, put a fraud alert on Equifax and Transunion (the two Canadian credit bureaus), monitor all your financial services regularly and maybe apply for a credit monitoring service. You could also report this to the police if it was stolen (other than the CRA situation).”

How certain can we be that the CRA has found ALL the stolen SINs?

McWaters: “We are not certain and we can only go with what they tell us to date.”

More on Canada

Is encryption technology generally safe?

Meghu: “Encryption technology is very safe, and it remains secure. This was not a flaw in the design of our SSL security, but a bit of bad programming without the proper checks. The version that this problem exists in is older, and of course, now known to be flawed, but the rest of the implementations continue to be secure.”

What is the CRA doing to make sure this doesn’t happen ever again?

Meghu: “I’m afraid the reality of this bug is not exclusive to CRA, they did not do anything wrong in this case. The issues stems more from the popularity of an open source component that, while critical to our security online, was poorly funded and supported by a handful of people. This should start the conversation around better supporting our software infrastructure. Remember the internet was built on a best effort basis, and to be fair, it’s been an amazing effort.”

You can read the full blog-replay below:

Story continues below advertisement
Related News
© 2014 Shaw Media

Sponsored content

AdChoices