City of Hamilton fights Heartbleed bug threat
The city says it has taken steps to protect its website from the Heartbleed computer bug in that has left passwords and financial information exposed across the web.
The city installed patches on its website against the bug Wednesday afternoon, two days after the bug was first reported online.
The city’s website, which includes a number of sections that would contain personal information such as pages for parking permit online payments, forms for city programs and even complaint forms, was exposed to the Heartbleed bug until that time.
Heartbleed forced the shutdown of the Canada Revenue Agency website, as a supposed threat to sites that use the most popular code to encrypt private data: OpenSSL.
An online susceptibility test revealed the city’s site was at risk. There is no indication that any personal data was leaked.
City spokesperson Mike Kirkopoulos said the city’s IT division had “applied the appropriate vendor-provided patches” and that the potential leak had been sealed.
When the Heartbleed bug was revealed, it was discovered several sites, including Yahoo.com, were potentially at risk.
Adrian Duyzer, the chief technology officer at Hamilton-based web design studio factor[e], warned that any business should be actively working on patching the bug, while shutting down service to protect private customer data.
“Anyone who is vulnerable to this bug has the possibility that their entire server’s memory has been copied by somebody or more than one person,” said Duyzer.
“What they should probably do, those organizations, is to shut down access... It’s better to do that I would think than stay open with this vulnerability open.”
Duyzer could not speak specifically to what could have been vulnerable on the city’s website, but said the Heartbleed bug steals a random 64KB chunk of the server’s memory. He added that there are coding scripts that can “hammer the server with this request and you can get essentially a complete dump of the memory of the server.
“You can retrieve basically anything in memory at that time.”