What is Heartbleed?
The Heartbleed bug is a serious vulnerability in the very popular OpenSSL cryptographic software library, utilized on an estimated two-thirds of the Internet. This bug allows attackers to steal information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This encryption provides security and privacy over the Internet for applications such as websites including banking sites, e-mail, instant messaging, and some virtual private networks (VPNs). The flaw was identified on April 7, 2014.
Am I affected by the bug?
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open-source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your banking websites, social networking sites, company's site, commerce site, hobby site, site you install software from, or even sites run by your government might be using vulnerable OpenSSL. You might have networked appliances with logins secured by this buggy implementation of the TLS.
Is this a big deal?
Absolutely, one must presume that cryptographic keys have been compromised and that encrypted sessions are at risk. The good news is there is not any indication that the bad guys had prior knowledge of this bug; it seems the researchers were the first to locate the problem. But the scary part is that everyone (good and bad) now has the knowledge and can infiltrate websites, extract the information they want, and leave no trace of their presence. Thus, it's hard to determine whether someone ever exploited the bug or whether your account information was compromised.
What versions of the OpenSSL are affected?
• OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
• OpenSSL 1.0.1g is NOT vulnerable
• OpenSSL 1.0.0 branch is NOT vulnerable
• OpenSSL 0.9.8 branch is NOT vulnerable
• Reset passwords immediately for sites hosting personal information or financial records.
• Ensure passwords are not shared among websites.
PSB is dedicated to protecting the security of our customer's accounts. We are working vigilantly with our vendors ensuring that the appropriate measures are being taken to prevent any complications.