Jul 26 2009
Not even the Canada Revenue Agency is immune to security problems. In January, the Canada Revenue Agency was the subject of high-profile phishing attacks. Then, in April, I wrote a tongue-in-cheek article about some problems the CRA has had with securely disposing of old hard drives. And today, our security guru %^&# ^&%^$&*)@!(, alerted me to a rather terrifying problem with the CRA's ePass service.
For those of you not familiar with the program, ePass is a great way to access Canadian Tax services. If you use the service, you can file/change your returns online, update your address/banking information and even file disputes. Sounds like a great service, doesn't it? It is. Unfortunately, though, using the service might make you markedly less secure.
It turns out that in order to use ePass with a Windows Operating System, you must use either IE6, IE7, or Firefox 2.0.0.7 (or higher). As you can see in the following screenshot (taken from the Canada Revenue Agency's web site) the service does not support Firefox 3.x, or Internet Explorer 8!
So, what is the problem? For one, Mozilla no longer supports Firefox 2.0 - that old browser no longer receives any security updates and is thus incredibly vulnerable to all sorts of attacks. You do not have to search very hard to find serious vulnerabilities that affect this particular browser. And, while Microsoft still supports Internet Explorer 7, it is quickly being phased out in favour of Internet Explorer 8.
Now don't get me wrong - new browsers can have serious flaws. Recent coverage of the serious security flaw in Firefox 3.5 confirms this. But the point remains that if you are going to go online, you should, at least, use an updated browser/operating system. Unfortunately, the Canada Revenue Agency does not think this should be a priority. What do you think?






A secure way would be along the lines of a separate, downloadable, executable file that runs without the need to install onto one's computer (perfect for a USB stick) that incorporates proprietary communication methods with a really strong algorithm.