CRA’s terms of use state that the agency is not responsible for “taking all reasonable steps to ensure the security of this website.”
Examining the HTTP responses from the CRA My Account login page, it’s clear that the agency hasn’t even installed some of its most basic security features, according to RiskyBizNews. For example, cookie protection is not configured, not all recommended security headers are used. Not only is this “all reasonable precautions”, but the CRA is missing the basics of securing online web applications.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.