Much has been written about Heartbleed and the speed at which various companies have reacted to it. Notably, the Canada Revenue Agency (CRA) closed their online portal for some time and lost hundreds of Social Insurance Numbers. It was also revealed that the NSA has been using the bug for over two years to get (no longer) encrypted traffic.
The issue that Heartbleed has is not unique. Much of what powers the internet has bugs that allow an attacker access to your private information—we just don’t know what those bugs are yet—and we will always exist in this state.
Computer security is not like physical security. Adding extra layers doesn’t necessarily help and no matter what you do, if someone has physical access to the machine it must be treated as compromised. The Snowden revelations show that there is no denying it anymore—we live in a world where very sensitive … Continue reading “What businesses can learn from Heartbleed”
Online services for federal not-for-profit corporations
Corporations Canada has introduced a number of new online services for federal corporations, including those incorporated under the Canada Not-for-profit Corporations Act. Not-for-profit organizations may...
Can customers be encouraged to read privacy policies?
When was the last time you read a privacy policy? I use dozens of online services—email, social networking, data storage, banking, photos, shopping, etc.—and I've only skimmed a couple. What does this mean for the companies that offer these services? Can they reasonably say that they have informed their users of the content of their policies, if most users simply click "Okay" without bothering to read the things?