News & Events

Monona State Bank’s Online Services not Affected by the HeartBleed Bug

Our MononaBank Online banking system was not affected by the Heartbleed vulnerabilty bug. However, it is still a good time to take a look at your online security.

More Information About The Heartbleed Bug

As you may have heard, a security flaw was recently discovered that could put your passwords and other personal information at risk of being stolen. The good news is that the provider of our MononaBank Online (Personal and Business) systems has informed us that this bug did not have any impact on these systems and client information has not been compromised.

While there may not be any problems with the Monona Bank Online sites, it is estimated that this bug impacts more than 67% of web sites worldwide, including many popular social media, chat and other commonly used sites that utilize a User ID and Password to access. This means you should look at all of the web sites, tools and services you use online that require a User ID and Password to access and take steps to protect your confidential information.

What can you do to Protect Yourself Online

To ensure the security of all your online activity, we recommend that you consider changing passwords for all other internet based sites (including your MononaBank Online accounts) or services that utilize an ID and password to access. When using sites that require a User ID and password, it is a best practice to regularly change your passwords to protect you from unauthorized access to your accounts.


To change your passwords on our online banking tools:

Consumer Clients: To change your MononaBank Online passwords:

On the sign in screen, enter your User ID
On the next screen, do not enter your password, instead click on the ?reset it yourself? link and follow the online instructions to complete your password change.
If you have a joint account and multiple users access your online banking accounts, be sure to let them know the password has been changed, or they may lock up the account if they use the old password.

Business Clients: To change your MononaBank Online: Business passwords:

If you are your MononaBank Online: Business Administrator, follow the links below:
Access Administration >> User Administration >> System Access >> Change Password
Please note: only the Administrator on record for your business account can change a password.

Consumer clients: If you have any questions regarding how to change your password, please call (866) 482-6932 (any time of day) or contact your personal banker.

Business clients: Business client (administrators only) can call (608) 223-6243 during regular business hours (M-F 8 am to 5pm). They can also call toll-free (800) 593-4345 for assistance from 7 am to 7pm.


Additional Information About the Heartbleed Bug:

What is the Heartbleed Bug?

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This bug potentially allows someone to extract and steal information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. Without getting into too much detail, the SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What Is the Issue?

On April 7, the OpenSSL organization publicized a new, critical vulnerability called ?Heartbleed,? which is associated with certain versions of OpenSSL software. This has resulted in the issuance of a critical alert: CVE2014-0160. The common vulnerabilities and exposures (CVE) system is a reference database of well-known vulnerabilities and is underwritten by the National Cyber Security division of the U.S. Department of Homeland Security.

This vulnerability, which affects OpenSSL versions 1.0.1 (up to 1.0.1f), can allow for the reading of the memory contents of certain Web applications protected by the SSL/TLS protocol, which could also lead to a compromise of SSL certificate keys, password hints or other sensitive data. This is not a design flaw in SSL/TLS; rather, it is a coding error in the heartbeat functionality of the OpenSSL library for the affected versions.

What Is at Risk?

OpenSSL is an open-source implementation of the SSL/TLS protocol, which is used by many operating systems and middleware solutions. These include operating platforms such as UNIX? and Linux, middleware and Web solutions such as Apache and JBoss, and certain network appliance solutions such as load balancers. VPN devices may also be affected. Due to the popularity of OpenSSL, it is estimated that this bug could impact more than 67% of web sites worldwide, including many popular social media, chat and other commonly used sites that utilize a User ID and Password to access.

What Should I Do?

We have said this before but it bears repeating, to ensure the security of all your online activity, we recommend that you consider changing passwords for any internet based sites or services you use that utilize an ID and password to access, including your MononaBank Online accounts.


If you want more information about this security issue, check out these additional sources of information:

heartbleed.com
Here's How To Protect Yourself From The Massive Security Flaw That's Taken Over The Internet - Business Insider
What You Need to Know About the Heartbleed Bug - ABC News

Facebook Twitter