Information Vulnerability Alert!

OpenSSL "Heartbleed Bug"

Published Monday, April 14, 2014

Earlier this week, security researchers announced they had uncovered a bug or flaw in a key safety feature of the Internet—OpenSSL software. It’s called the Heartbleed Bug and it has been covered extensively in the news. This software is one of the key technologies used to encrypt data transactions online. An indicator that a site is protected by this software is the signature 'padlock' displayed in the browser. This bug allows attackers to retrieve sensitive information such as usernames, passwords and credit card details from servers running the affected versions of the software.

 

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

 

 

Independent Federal Credit Union has verified with all third party vendors that there is no threat detected. There has been no indication that this vulnerability has been used against Independent Federal Credit Union or its third party vendors. Independent Federal Credit Union utilizes a combination of vulnerability intelligence and technology to regularly scan for vulnerabilities as well as detect and respond to potential threats to security, and will continue to monitor for any threats. If you have any concerns about your account safety, now or at anytime; or ever feel that your information has been compromised, then contact us straight away at 765-649-9271.

 

Here is a link for you to enter any websites that you currently utilize with passwords. Simply type in the web address and you will receive a report regarding its vulnerablity.

https://lastpass.com/heartbleed/

 

Here are a few tips to help you stay secure online:

  • If you are concerned about remembering your various passwords then record them in a safe and secure place.

  • Passwords should be updated and changed on average every 1 to 3 months.

  • Make sure your passwords are not easy to guess. Avoid using your social security number, date of birth, or phone number. Consider getting creative and substituting symbols for letters, such as “1am4ever*21” or “$endAle++er2me”.

  • Avoid using the same password for all of your accounts. Especially keep your banking password unique from all others.