ePass Falls Down, Goes Boom

Posted on March 7, 2007
Filed Under /dev/null/ | 58 views |

About a year ago I tried to use Canada’s ePass system to file my taxes, and blogged about what a brutally bad, buggy system it was. Two months ago Jonathan pointed out that ePass is prone to a number of basic security vulnerabilities. Amusingly, in both cases we were later anonymously attacked by commenters on our post who’s IP addresses traced back to Ottawa (hello ePass developers/maintainers).

This week the government has taken ePass offline, says the Toronto Star:

The CRA ordered its Efile, Telefile and Netfile services suspended after a malfunction was discovered in the agency’s database on Monday night.

CRA spokesperson Jacqueline Couture said the problem resulted in scrambled information in electronic tax returns.

For instance, in some cases the field for the social insurance number was instead filled in with a birth date.

The article continues:

Couture said there has been no indication that the problem resulted from hacking or a computer virus.

I believe that. The system is buggy enough that there’s no need to introduce extra attack vectors to explain away the problems.

Comments

• 
  

• The Other Blog (for geeks)

  binary code

• Pages

  • Installing calc.pl under OS X
  • Ruby Class: Mach Speed
  • Ruby Class: Temperature Conversion

• Recent Posts

  • This is The End
  • Yeah Sure, Go Nuts
  • iTunes Movies in Canada: First Impressions
  • The Reason Dev Environments Should be Sandboxed
  • CNN Shirts Beta
  • HP Thinks I’m an Idiot
  • But It Always Says It’s Sorry Afterwards!
  • Explaining My Twittering
  • Creative Looks Gift Horse In Mouth, Shoots it In Head, Apologizes Afterwards
  • Ventus Available Gratis

• Software

  • Drop Bocks

• Stuff and Things

  • Accordion Guy
  • blog-j
  • blogaritaville
  • David Akin’s On the Hill
  • Diana Galligan
  • FA: OSX
  • Fingers
  • Full Frontal Lobotomy
  • fuzzz.gaulin.ca
  • Global Nerdy
  • Ice 9
  • Kat Mullaly
  • kattekylling
  • Keebler.net
  • Paul Baranowski
  • Pony
  • Postmodern Sass
  • radical TRUST
  • Raganwald
  • Salad with Steve
  • Spiralgirl
  • The Dust bin

• Categories

  • /dev/code/
  • /dev/debug/
  • /dev/dropbocks/
  • /dev/null/
  • /dev/ruby

• About

  This is an area on your website where you can add text. This will serve as an informative location on your website, where you can talk about your site.

• Search

• Admin

  • Log in
  • Wordpress
  • XHTML