Friday 24 October 2014

Major lenders deny being at risk from serious web bug

Adrian Weckler Technology Editor

Published 11/04/2014 | 02:30

The Heartbleed bug affects millions of computer servers
The Heartbleed bug affects millions of computer servers

IRELAND'S biggest financial institutions have denied that they are at risk from the world's biggest internet security flaw.

Bank of Ireland, AIB and Permanent TSB denied that the so-called 'Heartbleed' security flaw, which makes two-thirds of the world's encrypted websites potentially vulnerable, may affect their systems.

A spokesman for Revenue.ie, which is used by hundreds of thousands of Irish taxpayers, also denied that its encryption technology was affected by the bug.

"The Revenue Commissioners would like to confirm that its public-facing and internal systems have been checked and are safe from the Heartbleed bug," said a spokesman .

Other countries' revenue bodies have moved to take precautionary steps against what has been described as a potentially "catastrophic" security flaw.

"As a preventative measure, the Canadian Revenue Authority has temporarily shut down public access to our online services to safeguard the integrity of the information we hold," said a statement from Canada's equivalent to Revenue.ie.

Online security tools have cast doubt on whether some of Ireland's biggest customer-facing websites are protected against the Heartbleed security flaw, which is being described by experts as one of the most serious security breaches in recent years.

"It's affecting nearly everything across the internet," said Conor Flynn, an IT security expert with Dublin-based ISAS.

Mr Flynn said that big organisations should be thorough about responding to any potential threat from Heartbleed.

"The Canadian tax authorities have responsibly taken themselves off the air to make sure they're not affected. Other big online companies such as Google and Yahoo have released statements to clarify what they're doing too. Big organisations should have incident response plans like this."

But the biggest Irish organisations insist that there is nothing to worry about.

"AIB is aware of the security vulnerability and we have tested all our banking websites and we do not believe that our websites are at risk," said a spokesman for AIB.

Irish Independent

Read More

Editors Choice

Also in Business