
Heartbleed

Bank of Star Valley's online banking servers are NOT affected by Heartbleed.

Your financial data is safe and NOT affected by Heartbleed. However, your data may have been vulnerable on other websites.

What is Heartbleed?

The Heartbleed Bug is a vulnerability on non-Windows servers that could allow hackers to retrieve and read encrypted data like passwords.

Here's a good explanation from BusinessInsider.com:

Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of websites that need to transmit the data that users want to keep secure. It basically gives you a secure line when you're sending an email or chatting on IM.

Encryption works by making it so that data being sent looks like nonsense to anyone but the intended recipient.

Occasionally, one computer might want to check that there's still a computer at the end of its secure connection, and it will send out what's known as a heartbeat, a small packet of data that asks for a response.

Because of a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory.

According to the researchers who discovered the flaw, the code has been in OpenSSL for about two years, and using it doesn't leave a trace.

You can learn more about Heartbleed on this website: http://heartbleed.com/.
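
The length check missing from the heartbeat handling described above, shown as an added example (it is not code from Bank of Star Valley, BusinessInsider or OpenSSL). It assumes the heartbeat message layout from RFC 6520 (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function names and sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* message types from RFC 6520 */
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PAD  16  /* minimum padding after the payload */

/* Constructed samples: an honest request carrying the 4-byte payload "ping",
 * and a request that claims 0x4000 payload bytes while carrying none. */
const uint8_t HB_HONEST[3 + 4 + 16] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
const uint8_t HB_OVERCLAIM[3 + 16]  = { HB_REQUEST, 0x40, 0x00 };
uint8_t hb_out[64];     /* response buffer used by main() */

/* Payload length the sender claims (big-endian, bytes 1-2). */
static size_t hb_claimed_len(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Bytes a handler that trusts the claim would echo, whatever actually arrived. */
size_t hb_trusting_echo_len(const uint8_t *msg, size_t msg_len) {
    return msg_len < HB_HEADER ? 0 : hb_claimed_len(msg);
}

/* Bounds-checked handler: writes the response to out and returns its length,
 * or returns -1 so the caller silently discards the message (RFC 6520). */
long hb_build_response(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_cap) {
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST) return -1;
    size_t payload = hb_claimed_len(msg);
    size_t total = HB_HEADER + payload + HB_MIN_PAD;
    if (total > msg_len || total > out_cap) return -1;  /* claim exceeds received data */
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, payload);  /* copies only received bytes */
    memset(out + HB_HEADER + payload, 0, HB_MIN_PAD);   /* real stacks use random padding */
    return (long)total;
}

int main(void) {
    printf("honest: checked=%ld\n", hb_build_response(HB_HONEST, sizeof HB_HONEST, hb_out, sizeof hb_out));
    printf("overclaim: trusting=%zu checked=%ld\n", hb_trusting_echo_len(HB_OVERCLAIM, sizeof HB_OVERCLAIM),
           hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, hb_out, sizeof hb_out));
    return 0;
}
```

The gap between what the trusting handler would echo and what actually arrived is the memory that the quoted explanation says gets sent back; the checked handler drops that message instead.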

What Should I Do?

Though Bank of Star Valley's server was not vulnerable to Heartbleed, other services you use online may have been vulnerable.

  • Be aware that your data could have been seen by a third party if you used a vulnerable service provider.
  • Monitor any notices from the vendors you use. Once a vulnerable vendor has communicated to customers that they should change their passwords, users should do so.
  • Avoid potential phishing emails from attackers asking you to update your password. To avoid going to an impersonated website, stick with the official site domain.