The Canadian government thinks it’s finally safe from the Heartbleed bug.
Canada has brought all of its public websites back online after installing security patches rendering them immune to Heartbleed, the government announced late Sunday evening.
The Treasury Board of Canada issued a directive late Thursday ordering all government websites running the flawed software offline. It called the action a precautionary measure in response to Heartbleed, the OpenSSL bug that may have enabled bad actors to snoop on “secure” communications and that went unnoticed for the past two years.
The Canada Revenue Agency, which brought its systems back online Sunday, said it is extending the filing deadline for tax returns from April 30 to May 5.
“Our systems are back online. We apologize for the delay and the inconvenience it has caused to Canadians,” said CRA Commissioner Andrew Treusch. “That said, the delay was necessary. We could not allow these systems back online until we were fully confident they were safe and secure for Canadian taxpayers.”
Governments and companies are still scrambling to deal with Heartbleed. Millions of Android devices (running Jelly Bean, version 4.1.1) could still be vulnerable, for example. Google is distributing patching information to device makers and operators, which are responsible for making the updates.
Researchers from Google and Finnish company Codenomicon exposed the Heartbleed bug last week. To protect yourself, you should change certain passwords and implement two-factor authentication when possible.