iOS app Android app

Canada tax agency blocks online access

stumbleupon: Canada tax agency blocks online access   digg: US Works With Sudan Government Suspected Of Aiding Genocide   reddit: Canada tax agency blocks online access Canada tax agency blocks online access

ROB GILLIES | April 9, 2014 01:13 PM EST | AP

Compare other versions »

TORONTO (AP) — Canada's tax agency said Wednesday it has temporarily cut off public access to its electronic filling services just three weeks before the tax deadline because of security concerns over the "Heartbleed bug."

Canada Revenue Agency spokeswoman Mylene Croteau said the agency is taking precautionary measures because of the threat known as "Heartbleed," an alarming global internet lapse in security that has exposed millions of passwords, credit card numbers and other sensitive bits of information to potential theft by computer hackers.

The breakdown revealed this week affects the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce. Security researchers who uncovered the threat are particularly worried about the breach because it went undetected for more than two years.

Canada's tax agency said it is working to restore secure access as soon as possible. The agency said it recognizes the problem may represent a significant inconvenience for Canadians and that consideration will be given to taxpayers who are unable to comply with their filing requirements because of the interruption.

This is a busy time of year for the tax agency, as people file returns electronically and track the progress of refunds online.

As of the end of March, the agency had received 6.7 million returns, with 84 percent filed electronically.

"We're on top of this. We had our IT officials working throughout the night," Canada Revenue Minister Kerry-Lynne Findlay said.

Croteau said the agency will be posting an update later Wednesday.

"If the issue continues we'll keep posting updates at 3 PM every day," Croteau said.

Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock had been closed. Interlopers could also grab the keys for deciphering encrypted data without the website owners knowing the theft had occurred, according to security researchers.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

About two-thirds of Web servers rely on OpenSSL, Chartier said. That means the information passing through hundreds of thousands of websites could be vulnerable, despite the protection offered by encryptions.