Category Archives: Security Updates

Depreciated support for IE10

On 12 January 2016, Microsoft support ends for older versions of Internet Explorer.

Microsoft recently announced that, beginning next Tuesday, 12 January 2016, they will officially retire Internet Explorer versions 8, 9, and 10 for most Windows operating systems. This basically means the end of security updates and technical help for versions of Internet Explorer other than 11, the latest iteration. Internet Explorer has been living on borrowed time since Internet Explorer 11 rolled out in 2013. Its officially the last version with Microsoft now focused on the Edge browser that comes with Windows 10 instead.

Changes to TaxLab minimum requirements

TaxLab will officially be shifting its minimum requirements from Internet Explorer 10 to Internet Explorer 11 from 12 January 2016 in line with Microsoft. While it’s likely that TaxLab will continue to work in Internet Explorer 10 for some time yet, but we will not be optimising our code for it due to its obsolescence and TaxLab features will eventually stop working as well as they should.

What you should do

If you are using an earlier version of Internet Explorer, please update to a modern browser. We recommend using Google Chrome, but also support Mozilla Firefox, Microsoft Internet Explorer 11 and Microsoft Edge. Please contact us on 0800 00 1035 or support@taxlab.co.nz if you would like to know more.

The poodle bug

What is the Poodle bug

A security vulnerability named Poodle Bug was recently identified in an old version of SSL (SSLv3). This may impact some older browsers, which are unsupported by TaxLab. The Poodle Bug is registered in the Common Vulnerabilities and Exposures system as CVE-2014-3566.

Was TaxLab affected

The Poodle Bug only affects older web browsers that TaxLab does not support. In theory this should mean that you were not impacted as it is unlikely you will have been able to use TaxLab from an older unsupported browser.

Actions we have taken

Any time there is a potential threat to the TaxLab system, we conduct a security review. This includes understanding the threat in detail and its potential impact on the TaxLab system and our users. We have disabled SSLv3 for all users of our tax software to ensure they are not vulnerable to this issue (including our tax provision software, income tax return software and FBT software). This should not impact your use of TaxLab as, again, it only affects older unsupported browsers.

What you should do

Keep your web browser up to date as older browsers are more vulnerable to attacks and bugs.

In general, we remind you that its good practice to regularly change any passwords that you use online. You should also use a different password for each site that you use. In particular, you should regularly change your online email password. You should also enable multi-factor authentication if it is available.

If you would like to know more about TaxLab’s response to the Poodle Bug please contact us any time. We don’t publish all of our security precautions (as this would inherently be a poor security practice). However, we would be happy to discuss some of our security precautions with you and how we mitigate risks.

The heartbleed bug

What is the Heartbleed Bug

The Heartbleed Bug is an OpenSSL security flaw that was announced in April 2014. It has since gained a lot of media publicity. The Heartbleed Bug is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.

Was TaxLab affected

No. We predominantly use Microsoft technologies including Microsoft Azure, which does not use OpenSSL. As such, TaxLab has been unaffected by the Heartbleed bug. We can assure you that your TaxLab data was not at risk from the Heartbleed Bug. This includes our Tax Provision Software, Income Tax Return Software and FBT Software.

Actions we have taken

Any time there is a potential threat to the TaxLab system, we conduct a security review. This includes understanding the threat in detail and its potential impact on the TaxLab system and our users. We have evaluated Microsoft’s response and release of information regarding Microsoft Azure and Heartbleed. We can rely on their systems as unaffected.

What you should do

While TaxLab was not vulnerable, other services that you use from other companies may have been impacted. If you use the same password for TaxLab as other websites or services, we recommend you change your TaxLab password immediately. Beyond that, no further action is necessary in respect of TaxLab’s tax software system.

In general, we remind you that its good practice to regularly change any passwords that you use online. You should also use a different password for each site that you use. In particular, you should regularly change your online email password. You should also enable multi-factor authentication if it is available.

If you would like to know more about TaxLab’s response to the Heartbleed Bug please contact us any time. We don’t publish all of our security precautions (as this would inherently be a poor security practice). However, we would be happy to discuss some of our security precautions with you and how we mitigate risks.