John Lester of JL Computers in Cornwall.
By Steven Smeall
CORNWALL, Ontario – Computer users around the area have been left in panic after news of a software defect known as Heartbleed was released to the public.
The bug was found in the OpenSSL library, something that is used by many websites throughout the world. Heartbleed allows hackers to gain access to a server, which hosts all incoming and outgoing data, and allows them to take some of it.
The data taken could be anything from your user name and password to important personal information. The Canadian Revenue Agency announced Monday morning that 900 social insurance numbers (SIN) were taken from their servers. Letters were sent out to those affected.
John Lester, owner of JL Computers, said that the store is receiving many calls from the public who are worried about the bug.
“You end up giving information where it shouldn’t be given,” said Lester. “Once they got your SIN, your name, and your address they then have three critical bits of your information. They can then apply for things or get something else and you become a victim of identity theft.”
Through the upcoming weeks and possibly months, programmers will be hard at work to patch up the issue. While eventually it will be repaired, Lester recommends that the public play it safe.
“Make a point of changing your passwords on critical sites,” said Lester. “You should look at your email passwords. Change those monthly. Change bank passwords monthly as well. It’s just something you should do.”
Hackers can only access the first 64 kilobytes of data going in or out of the server, limiting what they can take. Depending on the website, it is still important to change up passwords and keep an eye on bank accounts.
Michael Galvin of Computer Sense in Cornwall agreed it's important to remain vigilant.
"If you think that you have been a victim of these sorts of attacks it is imperative that one contacts their credit card and let them know what has happened," he said. "Then your computer should be checked out by a reputable organization to ensure that the attackers have not left any other malicious software or 'back doors' behind that can be used in future attacks."