Éric
"We're kind of looking for a needle in a haystack,"
The closure comes on the heels of a recently discovered software vulnerability in a Java-based library of an Apache product — known as Log4j — which the
The Common Vulnerability Scoring System, also used widely around the world, has assessed the current threat at a 10 out of 10.
"Once a system has been analyzed, if it turns out that it's not using the problematic library, the system is automatically back online,"
"It's like saying how many government offices use 60-watt bulbs, we have to go around and look at each one of them,"
The province's Clic Santé portal used for booking COVID-19 vaccine appointments across
Marc-Etienne Léveillé, a cybersecurity expert for the international internet security company ESET, said global internet traffic has spiked significantly since Friday, adding he's noticed many users trying to find vulnerable services to hack.
He said while the software's vulnerability should not impact the general public, websites storing personal data — such as the
The vulnerability allows code to be executed over the internet, Léveillé said.
"The flaw allows it to bypass security, in other words," he said.
The province, however, has no current indication that systems have been compromised or personal data was accessed,
The
Léveillé welcomed the government's precautionary measures, saying it might have prevented major data breaches.
"One of the big problems was that everyone was made aware of the flaw at the same time, Léveillé said. "The developers and its users didn't have time to correct the issue before people started to jump on the vulnerability. And since there are a lot of systems that use the software across the world, it will take many months to find which ones are vulnerable to that flaw."
Federal Defence Minister
"Out of an abundance of caution, some departments have taken their services off-line while any potential vulnerabilities are assessed and mitigated," Anand said. "At this point, we have no indication these vulnerabilities have been exploited on government servers."
This report by
© 2021 The Canadian Press. All rights reserved., source