On Tuesday, April 8, a serious website vulnerability was made public and has been widely discussed in news and social media outlets. The vulnerability, named the "Heartbleed bug," is a defect in the commonly used cryptographic software library called OpenSSL. The OpenSSL software library provides SSL/TLS encryption for many web services (like retail/business websites, social websites, email, etc.) and is used by companies all around the world. The vulnerability that was found allows an attacker to read the memory for systems that, under normal conditions, are protected by the SSL/TLS encryption. Reading the memory in this way means that an attacker could be able to see any sensitive web communication traffic including private key information (a password-like piece of information used for encryption) and username and password credentials.
MSUFCU's Response to Heartbleed
We became aware of this issue shortly after its posting online and we immediately took action to patch the vulnerability for all of our affected servers. We have replaced the SSL encryption certificates for all servers that had the affected version of OpenSSL. Since most of our affected systems did not capture member login information, we have determined that the potential exposure is minimal.
MSUFCU's website is no longer vulnerable to the Heartbleed bug and continues to provide secure online services to our membership.
Should you have questions or further concerns, please do not hesitate to contact MSUFCU. We are happy to assist you.