What it is and how it affects you.
You may have heard the news reports regarding security vulnerability called Heartbleed. The Heartbleed Bug affects OpenSSL-an open source software widely used to encrypt Web communication.
The Heartbleed bug gives hackers the ability to extract contents of a server's memory, where some sensitive data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys then use that to impersonate servers or to even decrypt communications from the past or potentially the future.
It is important to understand that the Heartbleed bug is not within your personal computer or your phone — it's in the software that powers the services you use.
During a secure connection, a computer may occasionally request a response from the server in order to make sure they are still securely connected. They do this through a heartbeat, a small packet of data that asks for a response. The Heartbleed bug vulnerability works by disguising itself as a heartbeat, which tricks the server at the other end into sending data stored in its active memory.
Since the vulnerability has been in OpenSSL for about two years, and the majority of websites, email services, chat services, and a wide variety of apps across all platforms are powered by technology built around SSL, most internet users are affected. However, the developers behind OpenSSL had already implemented a fix prior to the vulnerability being announced, and most major service providers are already updating their sites, so the bug will be less prevalent over coming weeks.
Wescom Credit Union was not affected by the Heartbleed bug vulnerability.
At Wescom, we take a proactive approach to protecting the safety and confidentially of our member’s accounts by ensuring that we are using the latest and most secure technology available. Although we do use OpenSSL technology, it is this proactive approach that kept us from being affected.
Wescom Member Accounts have not been affected however we always encourage members to routinely change their passwords and to continue to take proactive steps towards protecting their personal information from fraud. We also encourage members to be cautious of what sites they visit, sign on to, and what links they click since these may be unsecure.
Members can visit the Wescom Security Center for more information on protecting themselves from fraud, as well as the steps Wescom takes to keep their information secure.
More information on the Heartbleed SSL can be found at www.heartbleed.com.