Phone: (740) 943-2317

Toll Free Phone: (888) 943-2317

General Support

Secure support chat with a Bank Representative

You might also be interested in:

Heartbleed

April 12, 2014 (Updated 4/16/14) - OpenSSL "Heartbleed" Vulnerability


At Richwood Bank we are always committed to security, including fully safeguarding your data and adhering to the highest security standards.

On the evening of April 7, 2014, security researchers publicly disclosed a flaw or vulnerability contained in several versions of OpenSSL, an open source encryption system used by a significant percentage of the internet to safeguard data transfers. For example, OpenSSL is used by many sites when you access them via their HTTPS addresses. This vulnerability has been in some versions of OpenSSL for around 2 years (but likely went unnoticed for most of that time).


The vulnerability, referred to as the "OpenSSL Heartbleed Flaw," if exploited over time to its fullest potential, could allow an unauthorized user to decrypt, monitor, or collect all traffic passed between a user and a web service. Previously collected traffic could be decrypted as well, although this is even less likely. There is no evidence of any sort of improper access or data breach to any of our internal RBC or external vendor systems.


Richwood Bank has been in contact with our web hosting vendors since the OpenSSL issue was identified to assess and minimize any potential risk to our customers. As part of a review and testing of our systems, so far it has been determined that the following customer facing Richwood Bank products at one time had a vulnerable OpenSSL version but have since been fixed:


Secure Email and Chat – This vendor informed us:

  • They put an Intrusion detection system in place April 8, 2014 (no Heartbleed alerts have triggered since then)
  • There is no evidence of improper access.
  • They applied the patch to fix the vulnerability on April 9, 2014
  • They issued new certificates on April 13, 2014.
  • It is recommended that if you haven't changed your password since 4/13/14, that you now change your secure email password as a precaution.
  • The area where you can change it can be found by:

1. Logging into secure email at https://link1.securebanksolutions.com/mail/?brand=044106588

2. Your username should be: /044106588/<and your email address goes here>

3. Then enter your password

4. Once logged in click on the Options tab to change your password.

5. If you use this same password on other systems it is recommended that you change that password on other systems as well.


As an update, on April 14, 2014 we conducted additional research with the third-party vendor of the LinkLive product, and confirmed the following mitigating factors:

1. The OpenSSL vulnerability targets memory; however, the LinkLive chat functionality does not store chat sessions in memory. Therefore, the risk for LinkLive chat is extremely low.

2. LinkLive stores its passwords in memory; however, the passwords are encrypted at the highest possible level, and they are stored in unique proprietary server stacks. Consequently, the risk for LinkLive systems is also extremely low.



Buzz Points portal - Our Buzz Points vendor sent out a security notification directly to customers. Here is a summary:

• They said: "All of our servers were patched and restarted within 4 hours of the announcement."

• Certificates have been updated by this point (4/14/14 at the latest) as well.

• They "do not believe any Buzz Points accounts were compromised"

• They recommend that you change your Buzz Points password as a precaution:

1. Log in to Buzz Points at https://buzzpoints.com

2. In the upper right corner of your screen go to profile (your name)

3. Select Edit Account from the pull down menu

4. Change your password on the bottom right

5. If you use this same password on other systems it is recommended that you change that password on other systems as well.


We also have some vendors that we work with internally that had vulnerable systems that have since been patched and secured in a timely manner.

We will continue to monitor our systems and shore up security. We will keep you updated on www.richwoodbank.com as we find out more information. As always, please be vigilant and notify us of any suspicious activity on your accounts.



For additional information on this vulnerability:



For a growing list of major websites that were vulnerable at one time (change your passwords on them):

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoiZiIsImkiOiJfangyMnU1c3I4eWtuaGo0aiJ9



You can also test a site for the vulnerability by entering it here:

https://www.ssllabs.com/ssltest/index.html



If you have further questions, please contact us at 740-943-2317.