In the News | CBC, Globe and Mail, BNN television, etc. | Raymond Vankrimpen | Heartbleed Bug
Partner Raymond Vankrimpen, cybersecurity expert, weighs in on the Heartbleed Bug…
Raymond Vankrimpen, a Partner at Richter and cybersecurity expert, has provided expert commentary through a variety of media sources on the now infamous Heartbleed Bug. According to Ray, the vulnerability is so critical due to “how widespread it is, the relative ease of exploitation, and the sensitivity of the information it leaks.”
With estimates of up to 500,000 servers (representing approximately 2/3 of web servers on the Internet) and websites such as Yahoo, Google and the Canada Revenue Agency being affected by the bug, Ray offers some recommendations for protecting yourself:
- Change your password today, particularly on frequently used web services like online banking sites, email service providers, Facebook, etc.
- Change your password again, in a week, and then again a few weeks later. There are patches available for the bug, but it will take some time for service providers to apply them to all servers.
- Use a mix of passwords. Don’t use the same password for online banking that you use for email. It’s a good idea to have three or four different passwords memorized.
- Change your passwords periodically. Although this can be a headache, it’s particularly important in the short term. In the long term, if you adopt this habit, you will be less susceptible to this and future vulnerabilities.
- Keep a close watch on suspicious or abnormal activity on all your online accounts, particularly your bank accounts.
- Periodically – at least annually – check your credit report with organizations like Equifax or TransUnion. Make sure the report doesn’t show credit products that you did not sign up for.
For more expert commentary and suggestions from Ray Vankrimpen, check out some of the media coverage below.
Excerpt: As security expert Raymond Vankrimpen explains in our story about the CRA shutdown: “The Heartbleed vulnerability occurs when OpenSSL is used in combination with a communication protocol called the RFC6520 heartbeat. Such “heartbeats” help a remote user remain in touch after connecting with a website server …”
Excerpt: “And if the CRA uses that software, many other government organizations will have used it as well,” said Raymond Vankrimpen, a cybersecurity expert with the financial advisory firm Richter. “But it’s not the only vulnerability out there,” he said. “There will be more to come…”
Excerpt: The federal government is likely going through its inventory of servers to decide which websites need to be dealt with first, said cybersecurity expert Raymond Vankrimpen. “They’ve obviously identified this CRA website as a critical one to take offline. But I have no doubt that there are other government websites that use SSL technology,” said Mr. Vankrimpen, a partner at the financial advisory firm Richter.
Excerpt: “We’re concerned about it. This is the first time in years that I’ve had to think about what a paper filing system would look like,” said David Hogan, tax partner at Richter in Toronto. “I don’t think we’re on that path right now, but what happens if . . . it’s a prolonged shutdown or they change their policies on e-filing. We have obligations to our clients and staff so we need to be agile and flexible.”
Excerpt: Ray Vankrimpen, a partner with the accounting firm Richter who specializes in risk management, told 680News that with the kind of information obtained with the Heartbleed bug, criminals can do a lot of damage. “All sorts of credit services could be made under different aliases,” he explained. “Your credit score will be damaged and (it) takes a long time to sort through that. It’s a real hassle.”
Excerpt: Stressing he has no personal knowledge of the situation, web security consultant Raymond Vankrimpen with Richter consultancy in Toronto says it’s possible that the 900 affected people may just be those with the bad luck to have logged on before the website was shut down. “In that six-hour window between when the bug was disclosed publicly and they shut down their servers … it could have been the 900 people who accessed the server in that window,” he said in an interview.