Canada Halts Online Tax Returns In Wake of Heartbleed

alphadogg (971356) writes "Canada Revenue Agency has halted online filing of tax returns by the country's citizens following the disclosure of the Heartbleed security vulnerability that rocked the Internet this week. The country's Minister of National Revenue wrote in a Twitter message on Wednesday that interest and penalties will not be applied to those filing 2013 tax returns after April 30, the last date for filing the returns, for a period equal to the length of the service disruption. The agency has suspended public access to its online services as a preventive measure to protect the information it holds, while it investigates the potential impact on tax payer information, it said."

Honest?

[RichMan]

Is this the most honest response? The Canadian banks as a group say "our procedures mean we were never at risk".
http://www.cbc.ca/news/busines...
Who do you trust more to be truthfull?

Is there any incentive for the banks to be honest about this?

Re:Honest?

[compro01]

Testing does back up the bank's claims. RBC, CIBC, TD, Scotia, BMO, CWB, PCF, Tangerine, all of them show as unaffected on Filippo's tester.

Re:Honest?

[Windwraith]

Or it could be that banks lie. A lot.

Re:Tax filing

[rmdingler]

The one thing government has streamlined is the tax collection process.

Re:Idiots.

[Russ1642]

One minute to patch the bug. Two weeks to ensure that every computer system, every server, everything has been patched.

Very sensible

[swillden]

I thought about this last night, as I was working on my taxes. A lot of my tax information has moved on-line and so to complete my return I needed to log into bank, brokerage, mortgage lender and other web sites... sites I'd really prefer to avoid logging into right now until I'm sure they've been made safe. I did test each of them with a Heartbleed testing tool before logging in, but most people won't know to do that. I really wish the US had opted to move the filing date back a week or two.

Re:Idiots.

[Anubis+IV]

Closing the door is easy. Taking inventory to figure out what was stolen takes a lot longer and could have major repercussions. If the thief made a copy of your keys, client data, or other sensitive information, you need to go through a lot more hassle. Suggesting this is a one-minute fix is horribly misguided, since applying the patch is merely the first step in a series of steps that are absolutely necessary to re-secure your system. Failing to do so would be like closing the door without changing the locks after having your keys copied.

For instance, after applying the patch, you then need to replace your private key since the old one could have been compromised. And doing that means that you need to update your certs as well, that way people have your public key. If you're being responsible, you'll also want to revoke user sessions and prompt your users to change their passwords so that intruders can't pose as them and gain access to private user information. The list of data that could have been compromised goes on and on, and doing a thorough investigation into exactly what data was accessible from a compromised system could take awhile to accomplish and could mean having to go through a significantly more lengthy process to set everything right again.

Re:All online filing or just web filing?

[KenAndCorey]

In both the desktop and web version of Turbo Tax, you still download a ".tax" file that you then have to log into the government site and upload (known as Netfile). You do not file directly using the TurboTax software. So this will block both desktop and web-based TurboTax users. The only information required to access NETFILE is your Date of Birth and your Social Insurance Number. But you probably don't want people get a hold of that information either. Or your bank account if it is included in the file you are uploading.