Heartbleed OpenSSL Security Flaw
What is it:
You may have been hearing warnings from the news media to “change your passwords” or maybe “don’t go on the Internet” or even “don’t login to online banking”. And you’re now wondering what this announcement is all about.
On April 7th researchers discovered a flaw that has been dubbed “Heartbleed”. Heartbleed is a flaw in OpenSSL, an open-source encryption technology that is used by an estimated two-thirds of Web servers. This technology is utilized by many HTTPS websites that collect personal or financial information. These sites are typically identified by a lock icon that will appear in your browser to let you know the information that is being displayed online is hidden from prying eyes. Apparently, this flaw has been around since March of 2012, however, it was just recently discovered. Any communications or transactions that took place over SSL encrypted servers over the past two years could have been subject to malicious eavesdropping.
What are we doing:
FedChoice is acutely aware of the potential security concerns over Open SSL encryption. Rest assured that our eBanking system does not use OpenSSL so we are not subject to the vulnerability. We have applied additional updates to our SSL to ensure that we are fully up to date with the newest releases.
What you should do:
No action is required by our members but, as usual, we encourage you to change passwords periodically. For sites that have been deemed to be vulnerable, we strongly encourage you to update your password after the fix has been installed and systems have been updated.