Internet security experts are scrambling to patch an alarming encryption vulnerability that has exposed millions of passwords and personal information, including credit-card numbers, email accounts and a wide range of online commerce.
The Canada Revenue Agency says about 900 customers had their social insurance numbers stolen due to this bug. (The CRA website was closed for six days last week in order to patch the problem, and has extended the tax-filing deadline.)
How big of a deal is this?
Some reports suggest as many as two-thirds of the sites on the Internet are using OpenSSL, the encryption code that we now know is flawed and vulnerable to so-called Heartbleed attacks.
What other websites should I be worried about?
Canadian banks, airlines and online retailers such as Amazon.ca, Wal-Mart and Indigo Books all said they weren