Heartbleed Virus

News, discussion and questions about technology and computers, whether broadcast-related or not.

Heartbleed Virus

Postby radiofan » Wed Apr 09, 2014 12:30 pm

Heartbleed web security bug: What you need to know

How to protect yourself in the wake of the serious bug on two-thirds of the web

CBC News

Posted:Apr 09, 2014 11:12 AM ET
Last Updated:Apr 09, 2014 3:02 PM ET


Your passwords and financial information may have been exposed by a security bug in code used by two-thirds of "secure" websites on the internet, including the Canada Revenue Agency and Yahoo. Here's what you need to know.

What is Heartbleed?

Heartbleed is a security bug or programming error in popular versions of OpenSSL, software code that encrypts and protects the privacy of your password, banking information and other sensitive data you type into a "secure" website such as Canada Revenue Agency or Yahoo Mail. Such websites can be identified by the little "lock" icon on your browser.

Heartbleed is not a virus or malware, but could be exploited by malware and cybercriminals.

The vulnerability allows "anyone on the internet" to read the memory of the system protected by the bug-affected code. That way, they can get the keys needed to decode and read the data, according security researchers at the Finnish firm Codenomicon who discovered it.

The bug, named for the "heartbeat" part of the code that it affects, was independently discovered recently by Codenomicon and Google Security researcher Neel Mehta. The official name for the vulnerability is CVE-2014-0160.

The researchers have set up a website with more detailed information.

Visit the Heartbleed website

What can cybercriminals access by taking advantage of the bug?

User names, passwords, instant messages, emails, business documents and business communications were all accessible during tests by the researchers.

"This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users," they wrote on an website with information about the bug.

What internet services are affected?

Some websites using the code are the Canada Revenue Agency site, which was partially shut down Wednesday to deal with the security hole, just weeks before the Canadian tax deadline; and Yahoo services, including email, the Flickr photo site and the Tumblr blogging site. The company said most of its services had been secured by Tuesday afternoon.

According to Codenomicon, OpenSSL is the most popular open-source code used for encryption on the internet. The versions with the bug are used by more than two-thirds of active websites on the internet, as well as email and chat servers, virtual private networks and some hardware devices such as routers or storage servers. The code has been in use for more than two years.

However, many "large consumer sites" aren't affected because of their "conservative" choice of equipment and software.

"Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most," Codenomicon says.

Since a Google researcher co-discovered the bug, Google patched all its services before the vulnerability was widely publicized and the company says it has no evidence that the bug was exploited previously.

Has my private information been stolen as a result of the bug?

We don't know. Tests showed that eavesdropping via the bug left no trace.

To make matters worse, the bug-affected code has been used by internet services for more than two years.

"I don't think anyone that had been using this technology is in a position to definitively say they weren't compromised," David Chartier, CEO of Codenomicon, told The Associated Press.

Can the bug be fixed?

Yes, but not by you.

A fixed version of OpenSSL was released on Monday, April 7. Websites and other services can be secured by using it or by disabling the affected part of the code. Then it needs to be incorporated into their software and the fixed software needs to be installed. That isn't always easy, especially for certain kinds of devices.

How can I protect myself?

Ari Takanen, chief technology officer for Codenomicon, advises you to wait for an official statement from the internet services you use (indicating that they have fixed the bug) and follow their guidelines.

Typically, that will involve things like changing your password. That is something you may have to do across many —services you use.

However, steps like that are useless until the security hole has been fixed for the affected services.

"Changing before the service is patched could expose the new password," said a spokesperson for Google, who also noted that passwords do not need to be changed for Google services because of its early implementation of a bug fix.

In the meantime, a number of sites have have been set up where you can check if the web services you're using are vulnerable, including this one, set up by Italian security researcher Filippo Valsorda.

Visit the Heartbleed test site

You might want to stay away from sites identified as "vulnerable" for now.

Security experts also recommend as a general rule that you use strong passwords that are different for different internet services and that you change them regularly.

http://www.cbc.ca/m/touch/technology/story/1.2603988
Those who danced were thought to be quite insane by those who couldn't hear the music.
User avatar
radiofan
Advanced Member
 
Posts: 13719
Joined: Sun Apr 16, 2006 2:24 pm
Location: Keremeos, BC

Re: Heartbleed Virus

Postby Howaboutthat » Wed Apr 09, 2014 1:35 pm

Of course the political nitwits have been quick to jump on this. Thanks to Canadian Press - From the 'Nitwit in Chief':

While the problem is international in nature, Opposition NDP Leader Tom Mulcair was quick to pounce on the Harper Conservatives for failing to adequately protect and provide services to Canadians.

“The Conservatives are such poor public managers that they can’t deliver the grain, they can’t even deliver the mail and now at tax time they can’t even communicate with Canadians through the revenue agency,” Mulcair said.

Liberal Leader Justin Trudeau, however, was prepared to cut the Tories some slack, saying he would support any measures needed to battle the bug.
Houston, We're dealing with morons!.
User avatar
Howaboutthat
Advanced Member
 
Posts: 2509
Joined: Fri Jul 13, 2007 9:28 pm
Location: Vernon

Re: Heartbleed Virus

Postby PMC » Wed Apr 09, 2014 4:40 pm

The fix for the bug is easy, and can be downloaded. It is NOT a virus. It is a bug, a hole, that exists in the source code that `could be' a problem.

Why a politician would step into this, seems poorly directed... btw yesterday was `patch tuesday', a day for fixing these things.
PMC
 

Re: Heartbleed Virus

Postby jon » Fri Apr 11, 2014 4:54 pm

Heartbleed Bug's 'Voluntary' Origins
Internet Security Relies on a Small Team of Coders, Most of Them Volunteers; Flaw Was a Fluke
By
Danny Yadron
Updated April 11, 2014 7:22 p.m. ET
Technology
Wall Street Journal

The encryption flaw that punctured the heart of the Internet this week underscores a weakness in Internet security: It is mostly managed by four European coders and a former military consultant in Maryland.

Most of the 11-member team are volunteers; only one works full time. Their budget is less than $1 million a year. The Heartbleed bug, revealed Monday, was the product of a fluke introduced by a young German researcher.

"It's sort of shocking how few people are at the heart of it," said Kenneth White, an encryption expert at Social & Scientific Systems Inc. in North Carolina. "This is some of the most complex communication code that exists on the Internet."

The OpenSSL Project was founded in 1998 to create a free set of encryption tools that has since been adopted by two-thirds of Web servers. Websites, network-equipment companies and governments use OpenSSL tools to protect personal and other sensitive information online.

So when researchers at Google Inc. and Codenomicon on Monday stated that Heartbleed could allow hackers to steal such data, the Internet went into a panic.

The frenzy intensified Friday after Bloomberg News reported that the National Security Agency knew about the hole for two years but kept it secret to gather intelligence on foreign targets. The NSA, White House and Office of the Director of National Intelligence denied the report. "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House National Security Council spokeswoman Caitlin Hayden said.

Earlier in the day, a German volunteer coder admitted that he had unintentionally introduced the bug on New Year's Eve 2011 while working on bug fixes for OpenSSL. Robin Seggelmann, a 31-year-old who now works for T-Systems, a unit of Deutsche Telekom AG, said in a blog entry posted by the company that the error had been overlooked by multiple coders working on OpenSSL.

Errors in complex code are inevitable— Microsoft Corp., Apple Inc. and Google announce flaws monthly. But people close to OpenSSL, which relies in part on donations, say a lack of funding and manpower exacerbated the problem and allowed it to go unnoticed for two years.

Heartbleed also raises questions about whether so much of the Internet should rely on a single technology to keep secrets. "Anytime you have a monoculture, one bug is going to make everyone insecure," said Matthew Green, an encryption expert at Johns Hopkins University.

The OpenSSL Project counts a sole full-time developer: Stephen Henson, a 46-year-old British cryptographer with a Ph.D. in mathematics. Two other U.K. residents and a developer in Germany fill out the project's management team.

Associates describe Mr. Henson as brilliant but standoffish and overloaded with work. On his website, he lists encryption questions that are "welcome and not welcome" and compares his responsibilities to those of Bill Gates when he managed Microsoft. "Yes, oddly enough some people have actually met me," Mr. Henson writes.

Of companies asking for free advice on using OpenSSL, he asks, "Well, how would your company respond if I contacted them and demanded large amounts of free consultancy?"

Here's how the OpenSSL Project works: The team is constantly refining a type of encryption called secure sockets layer (SSL) or transport layer security (TLS), which guards against hackers reading data that users send to websites. This type of encryption was invented in the 1990s by Eric Young, now an engineer in Australia for RSA, EMC Corp.'s security unit.

All members of the OpenSSL team are outside the U.S., to avoid arms export laws that apply to advanced encryption.

Geoffrey Thorpe, an OpenSSL volunteer on the development team, said he has little time to spend on the project because of his day job at a hardware technology company.

"You might say that it's like sewerage processing in a way, messy, complicated and usually taken for granted right up until it goes wrong," said Mr. Thorpe, who lives in Quebec City.

Last decade, Steve Marquess, a former U.S. Defense Department consultant living in Maryland, started the OpenSSL Software Foundation to secure donations and consulting contracts for the group.

Mr. Marquess has helped garner sponsorships from the U.S. Department of Homeland Security and the Defense Department. He couldn't confirm the veracity of Friday's Bloomberg story.

The foundation has seen a slight uptick in donations since Heartbleed was disclosed, though most still come in $5 and $10 increments. More than anything, OpenSSL needs more manpower to audit code.

Qualys Inc., a California cybersecurity company, said it donated a small amount to the OpenSSL Software Foundation to work on security code. A company spokesman wouldn't disclose the amount, but said the fact OpenSSL lists Qualys as a "major contributor" indicates it is "woefully underfunded."
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Re: Heartbleed Virus

Postby jon » Fri Apr 11, 2014 5:01 pm

CHCH Hamilton reports that the CRA still hopes to have their on-line tax filing systems available by this weekend, i.e. - in the next few hours.

However, the CRA's daily 3pm report on the subject had this to say in their Friday report:
CRA update regarding the Heartbleed Bug - Friday, April 11, 3 pm

Earlier this week, due to the security vulnerability posed by the Heartbleed bug, the Canada Revenue Agency (CRA) took the preventative measure of removing public access to online services in order to protect the confidentiality of the taxpayer information it holds.

The CRA is making good progress. We continue to anticipate a resumption of our e-services over the weekend.

As noted in previous statements, the Minister of National Revenue has confirmed that interest and penalties will not be applied to individual taxpayers filing their 2013 tax returns after April 30, 2014 for a period equal to the length of this service interruption.

The Agency appreciates the cooperation and patience of the public and our business and taxpayer representative communities. We remain committed to maintaining the confidence of Canadians by taking all steps necessary to ensure the security of taxpayer information.

We will continue to provide further information and daily updates at 3PM EDT on our home page.
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Re: Heartbleed Virus

Postby jon » Sat Apr 12, 2014 8:39 am

A consumer’s guide to making sure you are not a Heartbleed victim
By Gillian Shaw, Vancouver Sun
April 12, 2014 9:23 AM

If this week’s Heartbleed scare has left you daunted at the task of cleaning up your sloppy online security, you’re not alone.

The security management company LastPass estimates the average Internet user has 25 passwords. And many people break all the security rules and use the same password for more than one website. And you start counting the number of sites you sign into - from your bank, to Facebook, to that online store where you bought a Christmas present three years ago - you could find you have 50 to 100 online accounts and some people have many more.

Should you panic about Heartbleed?

If your password is Fluff1thec@t and you’ve used it on every site you’ve ever signed into, maybe you should skip tonight’s date and triage.

For the rest, the best advice I’ve heard comes from Mark Nunnikhoven, a vice-president with Trend Micro: “It’s no use stressing out over it.”

But, he added, there are things you can do that will take care of 80 to 90 per cent of your potential risk from Heartbleed.

With advice from Nunnikhoven and other experts, here is a consumer’s guide to staunching the Heartbleed.

1. Don’t forget your phone or tablet

Heartbleed isn’t just about websites on your PC. Close to half of all Canadians have smartphones and we’re on our way to having what Cisco estimates will be five devices each by 2017. Nunnikhoven warns your tablet or smartphone could be connecting to something that’s vulnerable online. Good news for Apple users, that company has said none of its services - its mobile iOS, desktop or Web services - were affected by Heartbleed. Nunnikhoven said Android phones that are less than two years old probably won’t have the issue but phones two years or older could have. And for all phones and mobile devices, if you are signing in through a website and not an app, the same advice applies as for web services so take precautions.

2. Check online accounts before you change passwords

If you use the same password on all your accounts, start changing them anyway because any one will give a hacker access to all your accounts. Otherwise, check to see if a website has been fixed. If it hasn’t been, you could change your password and a hacker could come along later and unbeknownst to you, collect the new password.

3. But I have 147 accounts!

If you have dozens of accounts, this can be scary but start with the most important — the email account you use to get password resets and other info that could give a hacker the keys to taking over your ID. Canadian banks and credit union weren’t affected but make sure you have a unique password for online banking and take advantage of the extra security tools that may be offered by your bank or credit union.

4. How do I check to see if a website has been affected?

There are several ways. The best websites notified you by email or on their website - the Canadian Revenue Agency gets top marks for its immediate disclosure and action in shutting down vulnerable sites. There are online tools to check if a website is vulnerable and/or if it has been fixed. LastPass has a good one that tells you if a site was vulnerable and if it is now safe to change your password. Mashable is updating a list of major sites as news comes in. Google was and is fixed, LinkedIn wasn’t, Facebook fixed it before Heartbleed was made public. Full list here.

5. Does a company have to warn me if it has been affected

If you live in Alberta, privacy laws provide for mandatory reporting of privacy breaches. In B.C., no. In Canada, amendments to privacy laws have been proposed in the Digital Privacy Act Bill S-4, which provides for breach notification but it also contains controversial amendments, which Michael Geist, who holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa warns “could massively expand warrantless disclosure of personal information.” In B.C., a legislative committee is reviewing the province’s privacy legislation. Breach disclosure was among the recommendations made by BC’s Privacy Commissioner Elizabeth Denham in 2008, the last time the law was reviewed by a legislative committee.

6. I can’t remember a different password for every account?

You don’t have to. That’s what password management tools are for. Plus they’ll generate those 12-character massively complex passwords that you could never remember but are way more secure than your pet’s name. There are a number of possibilities and you can check them out to see what best suits your needs - ease of use and availability on all your devices is key. Most are free and with paid versions for extra features like service for all your mobile devices. LastPass and KeePass will import from many of their competitors. Don’t Google for password management software. Better to go straight to a website you know or check CNET Reviews to make sure you’re not landing on a bogus website that will install malicious software on your computer.

7. Time for spring cleaning

Remember that one time online purchase at Target online from three years back? Well, when Target had a security breach, there went the credit card info you forgot Target even had. Go through every account you have, whether it’s a store you no longer shop at or an obscure social media network you never use any more and take the steps necessary to close down your account.

8. Keep watch

Don’t wait for your credit card bill or bank statement to arrive. Keep a check on your accounts online for suspicious activity. The same for your email and social media accounts. If friends start questioning your spammy Facebook posts, chances are you’ve been hacked.

9. Is your hard drive whirring when you’re not using it?

Your computer might have been infected by malicious software. A lot of us tend to be a little lax about updating operating systems, keeping antivirus up-to-date and paying attention to our computer’s performance. Now would be a good time to fix that. “People get lazy, they don’t change passwords, update passwords, they let anti virus software go,” said Doug Cooke director of sales engineering at McAfee. “We just have to keep it up.”

10. Protect your credit

In the U.S., identity theft protection services such as credit monitoring are in high demand and companies that find their customers’ data compromised will offer things like free credit monitoring for a year. Tim Ashby, vice-president of personal solutions at Equifax Canada recommends consumers take advantage of free credit reporting here.

“In the U.S., you’re entitled under federal legislation to one credit report annually,” he said. “In Canada, you can get a free credit report whenever you want.”

You can also pay for additional services, such as credit monitoring or to set up a fraud alert on your account. With a fraud alert, if anyone tries to get a credit card, mortgage, loan or otherwise use your identity get money, you and the potential lender will be alerted.

Better than finding out when the bills start coming in.

Final advice: Relax

While you don’t want to ignore Heartbleed and hope for the best, no one knows yet if hackers infiltrated websites that had the flawed security software. Take precautionary steps but don’t let it keep you awake at night. Don’t panic and click on a link in an email purporting to be from your bank or another account and asking you to change your password because of Heartbleed. The security scare has crooks rushing to take advantage of the panic.

gshaw@vancouversun.com
Follow me: @GillianShaw
Read my blog: Digital Life
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Re: Heartbleed Virus

Postby jon » Sat Apr 12, 2014 9:02 am

Only major comment is on #9: "9. Is your hard drive whirring when you’re not using it?"

Windows is set, by default, to index your hard drives. That is one cause of whirring you shouldn't worry about.

Most anti-virus programs are set up to automatically start scanning once a day or once a week. Most display a message when they start the automatic scan. But most do not warn you when they automatically update their "virus signatures" as frequently as every hour.

If you have automatic backup software, it will frequently do a File Scan, looking for changes since the last time it backed up.

All these cause whirring of hard drives.

Personally, I find running Task Manager much more helpful. A week ago today, I noticed a program with a random name running twice, one of which was using a fair bit of processor time and never stopping. A right mouse click and more details on the program really got me worried. Not likely to have a description of "SmellyTie To" by a company name of a Payment company I'd never heard of.

I stopped the program, located it on my hard drive and moved it to a folder on my desktop, as it was set up to automatically restart as a Service. It had overwritten every spreadsheet, word processing document and Adobe PDF on my C: drive and got about 25% of the way through my large second hard drive. First destructive virus I've had since I started Computing in 1971.

My anti-virus software had caught and destroyed the software that randomly loaded that virus on my computer, but did not notice the virus itself for almost 48 hours. Even when I asked it manually to scan the folder where I had moved the virus to.

The overwrite was done in a clever way. No change in Date Modified or Size of file, so you have to check each file to know. Fortunately, the way my backup works, it would not re-backup that file, because it wouldn't know it changed, so, if I missed any files last Saturday when I spent most of the day restoring, I could still get a clean copy of an overwritten file 5 years from now.

None of this, of course, was caused, indirectly or directly, by Heartbleed. But I mention it simply to provide some background on why Task Manager is a better tool than a whirring hard drive to detect viruses.

I should also mention that my losses were a lot less than they would have been had I been using a Windows Admin user name, which is the default. The virus had been installed in my User Settings (/Local/) and did not have access to my Windows system files. Had I been on an Admin ID, I probably would have had to re-install Windows.

There was one other odd symptom, by the way. The video that plays when you hit the PayPal home page wouldn't work beginning when the infection first occurred. But the program did not do the overwriting until it was activated by a reboot.
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Re: Heartbleed Virus

Postby Eldon-Mr.CFAY » Sat Apr 12, 2014 7:45 pm

Greetings everyone. Good example of why not to do important financial banking transactions online!!! I do all my banking in person even if there is a line-up. I prefer people to people contact and don't depend on the internet for everything I do. Too many people are putting all their eggs into the internet basket and to me that is very foolish. Never put all your faith in one thing!!! That includes the internet , facebook , twitter etc. etc. I never put all my eggs in one basket as the old saying goes. I suppose PayPal is one of the safest things to do on the internet but I have not even signed up for that yet and not sure if I will!!! I prefer the old fashioned way to do things, in person or using money orders , certified checks etc. I use the internet for a lot of information gathering but not everything. I have never used it for financial banking transactions and Never Will!!!! I just don't trust it!!! So it does not surprise me that this has happened at all!! I am sure there will be a lot more to come compromising financial dealings on websites in the near future. If you like to play Russian Roulette be my guest and do all your financial transactions on the internet at your own peril!

Take care everyone and remember the old say Healthy, Wealthy and most important of all WISE!!!

73s Eldon
Bye . . Mr. CFAY "Frequently On The Frequency"
The CFAY Website: http://cfayradio.wordpress.com
CFAY Radio: http://tinyurl.com/l9qqmh
User avatar
Eldon-Mr.CFAY
Advanced Member
 
Posts: 526
Joined: Fri May 01, 2009 3:09 pm
Location: P.O. Box 3536, Langley, BC V3A 4R9

Re: Heartbleed Virus

Postby jon » Sat Apr 12, 2014 9:10 pm

In fairness to the Banks, at least the Canadian ones, they had the issue (Heartbleed) fixed Day One.

As for the Canadian Revenue Agency, they are getting a lot of Kudos for having the guts to shut everything down until they are sure they have it licked.

The Banks have everything to lose by not resolving an issue like this. Many, probably most, have a prominent statement on their secure banking and investment sites promising to 100% cover any loses caused by any kind of on-line Fraud. A far cry from the battle I had with the Bank of Montreal in the mid-1980s when their ATM ("Banking Machine") agreement required you to hold them blameless for Fraud committed against you by their own employees.

By my estimation, on-line banking is safer than using an ATM. Not that either involves much risk.

I find it telling that my sister-in-law has not set foot within her home bank branch since she graduated from University at the beginning of the 1990s. And she never will. I drove by it a week ago and it has been bulldozed! To build what, I'm not sure.
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Re: Heartbleed Virus

Postby Howaboutthat » Sat Apr 12, 2014 9:11 pm

Eldon-Mr.CFAY wrote: Good example of why not to do important financial banking transactions online!!! Eldon


Man it's annoying when ignorant people spout off about something they admittedly know nothing about.
No Canadian banks were affected by this, (most do not use the source code in question) and I have yet to see any reports that anyone's tax information was compromised.
Everything I have read so far has talked of preventative measures.
And what's the deal with the exclamation marks?
Houston, We're dealing with morons!.
User avatar
Howaboutthat
Advanced Member
 
Posts: 2509
Joined: Fri Jul 13, 2007 9:28 pm
Location: Vernon

Re: Heartbleed Virus

Postby jon » Sat Apr 12, 2014 9:22 pm

I wasn't clear on which Banks, if any, used OpenSSL. Here is a typical statement, this one from the TD:
Notice to customers about Heartbleed security bug:
TD has already put in place defenses to protect against this potential threat so customers can conduct their banking securely and without their data being at risk. TD also has multi-layered authentication safeguards in place. Although no customer actions are necessary at this time, we generally recommend changing passwords regularly.
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Re: Heartbleed Virus

Postby Eldon-Mr.CFAY » Sat Apr 12, 2014 11:11 pm

Hi Everyone,
I am not saying any banks were compromised to this point but it potentially could be. I stand by what I said completely and absolutely refuse to do online banking or any online financial dealings period. I don't give a rats butt what anyone else has to say about it!!! I prefer in person financial dealings and thats the way I see it. I err on caution, I hate online financial transactions period!!!! So you can do what you like. But like I said before I really feel further online problems will continue in the future. I use caution and wisdom in this, if you are so confident in online financial transactions continue to do so but I will not pursue it period! I seldom use ATM machines either. Like I said before I prefer my financial dealings to be done the old fashioned way and won't change that!!!

Take care everyone and don't expect everyone to be ignorant if they don't agree with you!!! I for one do not!!!

73s Eldon
Bye . . Mr. CFAY "Frequently On The Frequency"
The CFAY Website: http://cfayradio.wordpress.com
CFAY Radio: http://tinyurl.com/l9qqmh
User avatar
Eldon-Mr.CFAY
Advanced Member
 
Posts: 526
Joined: Fri May 01, 2009 3:09 pm
Location: P.O. Box 3536, Langley, BC V3A 4R9

Re: Heartbleed Virus

Postby Eldon-Mr.CFAY » Sun Apr 13, 2014 12:09 am

Greetings,
By the way speaking of in-person banking I have found that some banks have customer appreciation day monthly or every few months where they will have cookies, cake, coffee, juice etc. for in-person customers. Its a really nice gesture and gives customers a chance to interact with the staff at your local bank which is important. I have also received candies, chocolates, a t shirt, pens, and a really nice bank hat from my local bank in recent years simply because I do my banking in person and not online! By the way i have had dealings with the bank for years since my parents opened my first bank account for me when I was 10 years old. Even when I have had very small amounts in my accounts I have always been treated with good service by most employees and tellers at the banks I have dealt with in Ontario, Calgary and in Langley. Of the big five banks I deal with two of them. I used to deal with the TD and may again. They seem to have fantastic in-person service and really good hours, even open at many locations on Sunday now. I still have my old Green Machine Card but unfortunately stopped dealing with the TD about 20 years ago or so. Currently I like the TD the best and Ann has found it to be very good and will not deal with any other bank. Like me and quite a few relatives and friends she will only do in-person banking and not online. I used to use the ATM Bank Machines when I lived in Toronto in the early 80s and in Calgary as well as BC until I saw half a dozen people get their bank machine cards taken by the machine at the worst possible time. One poor lady was using a Commerce Bank Machine at the Langley 7/11 and almost went crazy when she did not get any money and could not get her card back about a day before christmas and she had to do christmas shopping and had no money to do it. Less than 24 hours and of course 7/11 employees could do nothing to help her. Apparently she was leaving to go out of town for christmas and the next day was Dec. 24th... I also saw several other examples , one in Calgary where I was with a good friend and we were going out for dinner but he could not get money out of the machine because the ATM stole his card and did not return it. Lucky I had some cash on me and was able to take pay for the dinner that night. I have witnessed at least 4 or 5 other examples of bank machines causing similar problems for people at the worst possible time at night when the bank was closed and nothing could be done till the next day about it!! I never had any problems myself using my bank cards in the machines at the banks I have been dealing with but because of all this do not use the ATM machines very often. Even if there is a remote chance of the machine taking my card and not returning it or giving me cash, I am very busy and don't have time for any possible hassle this way. I try to avoid potential hassles like this like the plague so thats another reason why I like in-person banking where I am talking to a live real human being and not dealing with some machine or inhuman technology!

Take care everyone! 73s Eldon
Bye . . Mr. CFAY "Frequently On The Frequency"
The CFAY Website: http://cfayradio.wordpress.com
CFAY Radio: http://tinyurl.com/l9qqmh
User avatar
Eldon-Mr.CFAY
Advanced Member
 
Posts: 526
Joined: Fri May 01, 2009 3:09 pm
Location: P.O. Box 3536, Langley, BC V3A 4R9

Re: Heartbleed Virus

Postby PMC » Sun Apr 13, 2014 9:01 am

There is nothing wrong with OpenSSL. The bug can be fixed. This press hype seems to be more in the methods of selling cultured paranoia. If the spies want to access your data, openssl is not going to stop them. All your traffic can be recorded, and then played back, as if it were you, so don't sweat this minor bug ! I personally believe that all who sell encryption should be put on a bus and taken to the nearest psych ward for evaluation. :lol:
PMC
 

Re: Heartbleed Virus

Postby jon » Mon Apr 14, 2014 5:17 pm

"Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability....Each person will receive a registered letter to inform them of the breach." - Andrew Treusch, Commissioner, Canada Revenue Agency.

If you get a phone call, e-mail or someone coming to your door claiming to be from the Tax Department, don't believe it. Everyone will get a registered letter if they've had their info stolen from the CRA site.
User avatar
jon
Advanced Member
 
Posts: 9256
Joined: Mon May 08, 2006 10:15 am
Location: Edmonton

Next

Return to Computer & Technology News

Who is online

Users browsing this forum: No registered users and 101 guests

cron