Heartbleed Fallout Continues: Canada Orders Shutdown of More Gov't Sites

What's This?

A Canadian flag is projected onto a curtain of water before the beginning of the Canada Day Fireworks, over the Ottawa River on July 1, 2012.

Image: Flickr, Jamie McCaffrey

By Lorenzo Franceschi-Bicchierai2014-04-11 17:07:03 UTC

After shutting down its online tax-filing services on Tuesday, Canada is taking further precautionary measures against the Heartbleed Internet security bug. The country is ordering various government agencies to temporarily shut down affected sites.

The chief information officer for the Canadian government sent a directive to all government departments late on Thursday to "immediately disable public websites that are running unpatched OpenSSL software," according to a statement by the President of Canada's Treasury Board.

See also: The Heartbleed Hit List: The Passwords You Need to Change Right Now

"This action is being taken as a precautionary measure until the appropriate security patches are in place and tested," the statement read.

It's unclear which websites will be disabled, as the statement only refers to "certain Government of Canada websites." The Treasury Board said it was a necessary step to ensure Canadians' privacy.

"We understand that this will be disruptive, but, under the circumstances, this is the best course of action to protect the privacy of Canadians," the statement read.

Heartbleed is a bug in the popular open-source encryption software OpenSSL, used to secure data flowing from users' computers to hundreds of thousands of websites. According to estimates, almost two-thirds of all sites use OpenSSL, making this bug one of the most dangerous the Internet has ever seen.

OpenSSL has contained this bug for two years, but security researchers uncovered it only last week. Details were first published on Monday, prompting many sites to rush to fix their servers. The bug potentially allows hackers to access all kinds of sensitive data, such as passwords or credit card numbers on websites that are supposedly secure. However, there is no proof that hackers discovered the flaw and exploited it before the researchers uncovered it.

Many websites patched the problem quickly, while others are still fixing their systems. Many, including Facebook, Instagram and Pinterest have asked users to change their passwords. Mashable is continuously updating a list of popular social media, banking, commerce and other sites that were vulnerable.

The full statement from Canada's Treasury Board is below:

Earlier this week, an Internet security vulnerability named the Heartbleed bug, caused by a flaw in OpenSSL software was detected. OpenSSL is a commonly used software used on the Internet to provide security and privacy.

The Heartbleed bug is affecting many global IT systems in both private and public sector organizations and has the potential to expose private data.

This evening the Chief Information Officer for the Government of Canada issued a directive to all federal government departments to immediately disable public websites that are running unpatched OpenSSL software. This action is being taken as a precautionary measure until the appropriate security patches are in place and tested.

As a result, Canadians will be unable to access certain Government of Canada websites while measures are being applied.

We understand that this will be disruptive, but, under the circumstances, this is the best course of action to protect the privacy of Canadians.

Have something to add to this story? Share it in the comments.

Topics: Canada, heartbleed, Heartbleed Bug, US & World, World