The news around the “Heartbleed” security bug just keeps getting worse.
Two days after security researchers announced the bug, the Canadian Revenue Service has temporarily shut down its public Web services in order to protect taxpayer information.
The vulnerability lets hackers steal information from Web servers by tricking their encryption software.
By sending a short message that looks like it’s coming from a secure source, infiltrators can trick the computers that power major services into giving up the information they include in memory.
Considering the sensitive nature of the data on its servers, the Canadian tax service is cutting off access rather than having users update passwords while the software is still potentially vulnerable.
Here’s the entire statement from the Canadian Revenue Agency:
The Canada Revenue Agency (CRA) places first priority on ensuring the confidentiality of taxpayer information.
We have received information concerning an Internet security vulnerability named the Heartbleed Bug. As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold. Applications include online services like EFILE, NETFILE, My Account, My Business Account and Represent a Client.
The CRA recognises that this problem may represent a significant inconvenience for individual Canadians, representatives and businesses that count on the CRA for online information and services. Please be assured that we are fully engaged in resolving this matter and restoring online services as soon as possible in a manner that ensures the private information of Canadians remains safe and secure.
Please note that consideration will also be given to taxpayers who are unable to comply with their filing requirements because of this service interruption.
We are committed to investigating any potential impacts to taxpayer information. We will provide further information and daily updates at 3PM EST on our home page until the situation is resolved.
(Via Financial Times)