News Feed

Heartbleed bug could threaten website security

Mon, Apr 21, 2014

Washington, District Of Columbia

As was widely reported in the news media, any organization with a website should become educated about a new and stealthy invader--the Heartbleed bug--to determine if it is a threat to their operation.

As described by CNNMoney , the bug leaks information by creating a hole in the software that "the vast majority" of websites use to turn consumers' personal information into more secure strings of random numbers and letters.

Consumers are often advised to look for a padlock image in the address bar of a website with whom they are sharing information. That's a step that website users have been able to easily take to make sure their information is secure--or at least more secure.

However, CNNMoney said now if you see this padlock image it confirms that there's a "good chance" that site is using the encryption software that can be exploited by the Heartbleed bug.

According to several news reports, the bug:

  • Exposes usernames and passwords;
  • Compromises a user's web session in a way that allows another person to pose as that user--no password required; and
  • Enables fraudsters to pose as a legitimate website and bait users into revealing personal information.

SilverSky, a provider of cloud-based managed security solutions and a CUNA Strategic Services alliance provider, has contacted customers with a message regarding Heartbleed, calling it a "vulnerability in the OpenSSL encryption standard."

SilverSky recommends that everyone using OpenSSL patch and update to the latest version.

Also, CUNA Mutual Group is developing a risk alert for credit unions on the Heartbleed bug.  

Source: CUNA News Now