News & Announcements

Heartbleed Bug Update - Your PNCU accounts are safe!

Posted on April 14, 2014

You may have heard the news reports regarding the security vulnerability. Here is what you should know about the Heartbleed bug vulnerability and what POLISH NATIONAL CREDIT UNION is doing to protect you, our members.

Details About The Heartbleed Bug
The Heartbleed vulnerability is a flaw in the popular OpenSSL tool that powers secure web sessions. Despite the SSL promise of heightened security, Heartbleed allowed hackers to get a clear, unencrypted view of data.
The flaw apparently was introduced to OpenSSL about two years ago. It was disclosed by researchers in early April.

What is the Heartbleed SSL Vulnerability?
The Heartbleed bug gives hackers the ability to extract the contents from a server's memory, where some sensitive data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys then use that to impersonate servers or to even decrypt communications from the past or potentially the future.

It is important to understand that the Heartbleed bug is not within your personal computer or your phone—it's in the software that powers the services you use.

How Does It Work?
During a secure connection, a computer may occasionally request a response from the server in order to make sure they are still securely connected. They do this through a heartbeat, a small packet of data that asks for a response. The Heartbleed bug vulnerability works by disguising itself as a heartbeat, which tricks the server at the other end into sending data stored in its active memory.

Who Is Affected?
Since the vulnerability has been in OpenSSL for about two years, and the majority of websites, email services, chat services, and a wide variety of apps across all platforms are powered by technology built around SSL, most internet users are affected. Most major service providers are already updating their sites, so the bug will be less prevalent over the coming weeks.

POLISH NATIONAL CREDIT UNION was not affected by the Heartbleed bug vulnerability. Your accounts are safe. We do not use OpenSSL technology; it is this proactive approach that kept us from being affected.
At PNCU we take the proactive approach to protecting the safety and confidentially of our member’s accounts by ensuring that we are using the latest and most secure technology available. We have contacted all of our partner networks asking for status updates. They have confirmed that they were either not reliant on OpenSSL for security, or that they were not using compromised versions of OpenSSL.

Do Our Members Need to Take Action?
Member Accounts have not been affected; however we always encourage members to routinely change their passwords and to continue to take proactive steps towards protecting their personal information from fraud. We are also encouraging members to be cautious of what sites they visit, sign on to, and what links they click since these maybe unsecure.

You may check a site here before using it:

View All News & Announcements »

Blog post currently doesn't have any comments.
Leave comment Subscribe