C&N Not Vulnerable to "Heartbleed" Bug

As many of you are aware, a serious vulnerability, dubbed “Heartbleed” has been uncovered and publicly disclosed by security researchers. This vulnerability exists in certain versions of OpenSSL, a widely-used cryptographic library that enables SSL (Secure Sockets Layer) and TLS (Transport Security Layer) encryption.

The vulnerability relies on a bug in the implementation of Open SSL’s “heartbeat” feature. When exploited, this vulnerability enables an attacker to trick a system into revealing chunks of data residing in its memory. The attack can lead to a server leaking private SSL keys, usernames and passwords and other sensitive data. Many well-known sites have been reported as vulnerable to attack.

C&N’s hosting environment utilizes network load balancers which manage SSL encryption and decryption for our customers. These load balancers do operate an implementation of OpenSSL, however, the version running is NOT vulnerable to this bug and never has been vulnerable.

C&N constantly runs tests on our systems and we are confident our systems are secure. While there’s no indication of compromise, changing your password is advised when there is a known vulnerability in an application or software. We recommend that our customers change their passwords frequently and use unique passwords for each site they visit. We also urge customers to be on the lookout for phishing emails masquerading as "Heartbleed" password change notices. If you’re unsure, avoid using the embedded links.

Helping you protect your personal and financial information is a top priority for us at Citizens & Northern Bank. As always, if you have any questions or concerns feel free to call us, toll free, at 1-877-838-2517 or visit us online and click on the "Live Chat" link at the top of our home page.