Heartbleed - A Headache for Internet Users

Great, the very next day after I filed my income tax on line, it was announced that the CRA (Canadian Revenue Agency) was shutting down their computers due to a computer virus called "heart bleed". It turns out this was known for about two years and our information has been at risk to hackers. It was also announced today on the radio that about a thousand Canadian SIN numbers are compromised. I only hope that mine was not one of them. I did receive tonight via email one of the scam emails that have been sent to Canadian tax payers, telling me that I need to register with one of our Government agencies to receive a larger return. Of course, I know this is a scam and deleted it. Unreal.

The effects of Heartbleed apparently extend well past Canadian tax payers. I first read about it here and it looks like you should be changing a lot of your passwords.

I'd actually consider changing the title of the thread if I were you - if this is as catastrophic as reports suggest, more posters should be made aware of it (I only clicked through because I saw the Heartbleed in the title).

ABC reported yesterday that this is gonna get worse before it gets better....but your financial data very likely has been hacked and stored in a thief's data base for quite some time now if you live in the US...remember the Target fiasco? Its just a matter of if and when it gets sold and used....the main thing is to keep on top of your financial accounts and report fraud right away.....here in the states, we still use low tech credit cards. It is nothing for waitresses/waiters to take your card, take a pic of it both sides with their cell phone, scan it with a pocket scanner, etc and try and use that info....happened to my wife....data theft happened to me and thousands of other Spokaneites....new cards all around.....and we all pay for this fraud and theft....

Buttercup said:

The effects of Heartbleed apparently extend well past Canadian tax payers. I first read about it here and it looks like you should be changing a lot of your passwords.

I'd actually consider changing the title of the thread if I were you - if this is as catastrophic as reports suggest, more posters should be made aware of it (I only clicked through because I saw the Heartbleed in the title).

Click to expand...

Yes...I have taken the precaution of changing all my passwords and also had previously limited my facebook options, I hardly use facebook anymore. The news media has been great in giving us advice on how to protect our information. Next year, I will be doing my taxes the old fashioned way - paper copies and dropping them off to the CRA like my husband wisely did.

You should not change a password until the website you're using announces that either it was not using the software that Heartbleed exploits (OpenSSL) to get to your data, or that it has installed the patch.

Here's an article:
http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/

Important things

Most banks don't use OpenSSL
Don't change passwords until the site is clean. Otherwise you are just giving your new password to hackers
Check your bank accounts/credit cards OFTEN. This is Chris's point, and he's right.
Be aware that income tax websites are cookie jars to hackers. They file fake taxes and take your refund.

http://www.weau.com/home/headlines/Tax-refund-fraud-is-a-big-frustration-for-victims-254879491.html

CNET has a list of the top 100 websites and their current status (list is being contnuously updated.). Ebay, Amazon, paypal never had the problem.
Craigslist, maybe. Facebook fixed.
http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

Thanks for posting this. I especially appreciate the Cnet list. I've changed a couple of passwords and my bank doesn't use that encryption so I'm happy about that!

Thanks for the list link. I wasn't very vulnerable.... .sigh, hate changing passwords because it takes a while before it becomes automatic.

LOL - PornHub is one of the top 100 sites....