Heartbleed bug causes headaches for Montreal accountants

CTV Montreal
Published Sunday, April 13, 2014 6:43PM EDT
The five days the Canada Revenue Agency’s online services were offline have made it difficult for many accountants to do their jobs.

Chartered professional accountant Dan Blumer says he was able to complete tax returns for his clients, but had to wait to send them.

“We have hundreds of them in queue waiting to be e-filed and as soon as the website is back up and running,” he said.

The Heartbleed bug was discovered last week, but it appears to have gone undetected for years.

Heartbleed is a glitch that affects open-source software, which is at the centre of applications used to encrypt internet communications.

It can reveal the computer’s memory, including passwords and credit card numbers.

It can also allow hackers to impersonate other servers.

It’s still unclear exactly how many websites may have been compromised.

“Because it leaves no trace, hackers can be at it all day long collecting data,” Internet security expert Terry Cutler said.

The CRA decided to shut down its web services to protect Canadians from any information leaks that may occur.

“The biggest problem we’re going to see now is that people aren’t going to trust what they are doing online, banking or online transactions,” says Cutler.

Each website has to repair the glitch itself, which could take days.

Cutler says there’s a way to check if the site you’re using has been compromised. A downloadable plug-in called Chromebleed will check if the website you’re visiting is still vulnerable to the glitch if you browse the web using Google Chrome.

Internet users should change their passwords only if they know the website they’re visiting has fixed the problem.

Now that the CRA website is back up and running, people can go online and file their taxes.

Because of the outage, the deadline to file has been extended to May 5.

Ubiquitous passwords online cause myriad challenges

A popular online joke shows a frustrated computer user in front of a screen that reads: “I’m sorry, your password must contain a capital letter, two numbers, a symbol, a spell, a gang sign, a hieroglyph and the blood of a virgin.”

The rise of “password” jokes puts a funny spin on a very real phenomenon: much of our personal information is available online, protected only by a string of alphanumeric characters that we must generate, and, even worse, remember.

This week, it was revealed that the so-called Heartbleed bug, a flaw in the encryption software used by two-thirds of secure websites, may be putting a great deal of personal information at risk.

The advice being given to ordinary consumers is: change your passwords. All of them. But for people with dozens of different codes, that can be a daunting task.

Sitting at a Montreal-area coffee shop, students Lucie Goyette, 24, and Catherine Bergeron, 22, made a quick tally. Between phone codes, PINs, student numbers and countless social media accounts, they figured they each have about a dozen passwords.

Goyette said hers are pretty easy to remember. “They’re all a variation of the same base word,” she said. “I guess I’d be pretty easy to hack.”

Cybersecurity expert Terry Cutler said the number of passwords to remember is much higher than most people think. Counting everything from alarm security codes to car door keypads, he estimates that most people have between 20 and 50 passwords to remember.

“The challenge that I’m seeing is that people, especially those who are not from the Internet generation, are using passwords like their birthdays, their mother’s maiden name, their address, or anything else that’s easy to remember,” he says.

Password management company SplashData released a list of the most popular passwords of 2013, with 123456, password, and qwerty all making the Top 5.

The problem with this kind of password, according to Cutler, is that most hackers use software that stores millions of codes in something called a dictionary file. “Those common sequences are the first thing they’ll try,” he says.

Nevertheless, that doesn’t stop many Montrealers.

Bruce Hulley, in his 80s, spent many years teaching fellow seniors basic computer and Internet skills. For many older people, the sheer number of passwords to use and remember can be a barrier to Internet use.

“We lived most of our lives with just our address, our phone number, and our social insurance number,” he said. “Now we’re confronted with dozens of passwords we promptly mess up and forget.”

He said he used to suggest easy-to-remember passwords, like a first name, to his students. Although it’s not the most secure, “it’s better than them not using the Internet at all.”

But forgetting passwords is not limited to seniors. Goyette said she has forgotten and reset many of her passwords numerous times. Even the backup verification questions aren’t always a help.

“On one account, I’d put the name of my boyfriend as the security question,” she said. “Years later, I had no idea how I’d spelled his name.”

Cutler said everyone can develop a password that is secure: at least 16 characters long, containing a mix of numbers, upper and lowercase letters, and symbols.

“The best way is to take a favourite phrase or song lyric, and replace a couple of the letters with symbols, like putting an ‘@’ symbol in place of an ‘a,’ ” he says.

Even though it won’t help with system failures like Heartbleed, it’s better than nothing.

“A good password can take years to break,” he said.

Just don’t use letmein.

© Copyright (c) The Montreal Gazette