TMCnet News

Most Banks Unaffected By Heartbleed Bug Password Safety 101 [Intelligencer Journal (Lancaster, PA)]
[April 14, 2014]



(Intelligencer Journal (Lancaster, PA) Via Acquire Media NewsEdge) Staff Writer

Everyone banks online these days. Does that mean millions of bank and credit union accounts have been vulnerable to hacking because of the Heartbleed bug? Probably not, banks and bank experts said.



"Most Internet banking applications are not impacted by this bug," the American Bankers Association said in a statement this week.

Banks have additional layers of security that would prevent an attempt to exploit Heartbleed, and some institutions don't use the open-source software at issue in the first place, the ABA said.


Community banks - usually defined as those with less than $10 billion in assets - generally rely on outside vendors for their online banking systems, bank advisor George Millward said.

By and large, those vendors don't use open-source technology, he said.

Millward is a managing director of the New Jersey-based Kafafian Group, which consults with banks on financing, strategy and operations.

Hackers have targeted banks since the earliest days of the computer revolution, Millward said. Over the years, banks and their vendors have beefed up their systems, and security breaches in the industry have become rarer and rarer, he said.

Lancaster County's two largest banks, Fulton and Susquehanna, both said their systems have a clean bill of health.

Susquehanna Bank does not use OpenSSL, the encryption technology affected by the Heartbleed bug, spokesman Matthew Kemeny said.

Fulton Bank released a statement Friday saying it has reviewed its systems and determined they are safe. There is no need for customers to change their passwords, Fulton said.

Likewise, large U.S. institutions seem to have been spared.

Many affirmed this week that they do not use OpenSSL, including Bank of America, Wells Fargo and PNC.

And a review of major banks' websites found no problems, Bank Technology News said Friday.

A potential concern with Citigroup's website was found to be a false alarm, BTN said.

Still, federal regulators advised financial institutions to take aggressive action to remedy any OpenSSL vulnerabilities.

They should ensure that their vendors identify and fix any potential problems and should also upgrade their own systems as needed, the Federal Financial Institutions Examination Council said in a statement Thursday.

Moreover, banks and thrifts "should operate with the assumption that encryption keys used on vulnerable servers are no longer viable for protecting sensitive information" and should have users and bank personnel update all related passwords, the FFIEC said.

That echoes advice given to users of other websites whose information may be vulnerable.

Credit unions, too, are taking the appropriate steps, the Credit Union National Association trade group said Friday.

"Many credit unions reassured members via email or on their websites if their online systems did not use OpenSSL, if their third-party providers were up-to-date or if they had taken the appropriate measures to secure their sites," CUNA said.

Heartbleed, discovered just a few weeks ago, stems from a mistake a programmer made on New Year's Eve of 2011.

The mistake essentially created an "open door," allowing hackers to cull information from any server using the OpenSSL code that has the error.

IT experts discovered and revealed the error about a week ago. Since then, many of the Internet's most popular websites have had to patch their systems and tell their users to change their passwords.

It's not known to what extent the flaw was known or made use of. The U.S. National Security Administration may have exploited the bug to gather intelligence, news reports said Friday.

You can help your bank protect your accounts from hacking, experts say.

Here are some basic tips:

Don't use your bank password for any other website.

Use a strong password: Make it at least eight characters long.

Use a mix of upper- and lower-case letters, plus numbers and symbols.

Don't use a word you can find in a dictionary.

Change your password from time to time.

(c) 2014 ProQuest Information and Learning Company; All Rights Reserved.
