We’ve written blog posts before on the tax deadline and how to deal with it, but the major item in the news of late is this new Heartbleed bug and the fact that CRA shut down all their electronic services as a precautionary measure against it. We know what you’re thinking. First, exactly what is this thing and how vulnerable am I, and secondly, it’s practically the end of April and I have to file my taxes, what the heck am I supposed to do?
To begin with, the Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Death © 2014 20th Century Fox Film Corp.
Not intended to imply any endorsement by 20th Century Fox Film Corp.
So this bug has actually been around for about two years, and it’s potentially a huge problem since attacks leave no traces. While many sites were not in fact vulnerable to the attack (especially those not using OpenSSL) several major sites were including Google, so Gmail users out there should definitely change your passwords…
Incidentally, TaxTron and Softron’s websites were not vulnerable to the bug. As well, none of your credit card information is stored by our websites.
The good news is that CRA has brought their systems back up and electronic services have resumed. Taxpayers and the CRA have certainty on the filing of returns through a confirmation code that is issued only upon successful transmission. If you did receive a code, your return was successfully filed. You can also check the status of your return on My Account.
For the individual filers out there, the situation has changed somewhat. While the tax deadline hasn’t actually changed, the Minister of National Revenue has announced that interest and penalties will not be applied to individual taxpayers filing their 2013 tax returns after April 30, 2014 for a period equal to the length of this service interruption. This means individual tax returns for 2013 filed by May 5, 2014 will not incur interest or penalties.
For more information and to check your favourite sites for vulnerability to the Heartbleed bug, check out https://lastpass.com/heartbleed/