All federal government websites that use the form of encryption compromised by the Heartbleed Bug have been ordered to cut off public access.
Earlier this week, the Canada Revenue Agency (CRA) suspended public access to its site after it was revealed that an Internet security vulnerability had been discovered in OpenSSL software, which is commonly used to provide online security and privacy, and is used by the CRA’s site which provides access to services such as NETFILE and EFILE. The CRA is testing a patch to fix the issue and hopes to restore access by the weekend.
In the meantime, all federal government websites that use OpenSSL software are suspending public access. President of the Treasury Board, Tony Clement, put out a statement indicating that the federal government’s the chief information officer has issued a directive to all federal government departments to immediately disable public websites that are running unpatched OpenSSL software.
“This action is being taken as a precautionary measure until the appropriate security patches are in place and tested,” he said. “We understand that this will be disruptive, but, under the circumstances, this is the best course of action to protect the privacy of Canadians.”