
Heartbleed Bug? Should You Care?

Yes, you should care about this large hole in an allegedly secure internet world. Can you do something about it? That remains to be seen.

Someone either wrote bad code, or built in their own back door, in the OpenSSL product, and created the Heartbleed Bug with this change. OpenSSL is the basis for many (read LOTS) of the “secure internet” applications that are used on the Web and elsewhere. This is so interesting, there is a Heartbleed Bug website! If you really want a detailed explanation, read Bruce Schneier’s explanation. He says on a scale of 1 to 10 in terms of bad, this is an 11.

How serious is this problem? Well, the CRA closed down Netfile’ing for now because they weren’t sure if they were victims of this problem. My bank didn’t shut down their Web Banking. They either don’t think this is a big issue, or they know they did not use that code.

What should you do about it? I have seen lots of folks screaming that we should all change our passwords right away. This is always a good idea. However, if you then use your new password on a site that has not been “fixed” yet, you are compromised.

What to do?

It might be best to find out which of the sites you use might have this “software flaw”, and once a site declares it is safe, change your password there. If you have a common password that you use everywhere, you might want to change it everywhere. You can test a site here, but I am also unsure if that site’s findings are (1) believable or (2) to be trusted.

The good news is that this bug has been around since 2011. Does that mean no one noticed this before, or has it been exploited for a long time and is only now becoming well-known? I have no idea, but this is another argument for why you should regularly change ALL of your passwords, especially for online banking and such.


Feel Free to Comment

  1. Sean Cooper, Financial Freelance Writer and Blogger

    It just goes to show you how archaic CRA’s IT department is. Most websites were up and running in less than 24 hours, while CRA takes their sweet time getting the bug fixed. As a former CRA intern, I found out firsthand their computer systems are barely a step up from MS-DOS!
