Important Member Alert: Heartbleed Security Vulnerability Update

heartbleedYesterday, a serious vulnerability dubbed “Heartbleed” was uncovered and publicly disclosed by security researchers.  This vulnerability exists in certain versions of Open SSL, a widely used cryptographic library that enables SSL (Secure Socket Layer) and TSL (Transport Security Layer) encryption.

The vulnerability relies on a bug in the implementation of Open SSL’s “heartbeat” feature, hence the “Heartbleed” name. When exploited, this vulnerability enables an attacker to trick a system into revealing chunks of data residing in its memory. This attack can lead to a server leaking private SSL keys, usernames/passwords, and other sensitive data. Many well known sites have been reported as vulnerable to attack.

First Financial’s website and system utilizes network load balancers, which manage SSL encryption and decryption for our member information and data. These load balancers operate in a different Open SSL platform that is not vulnerable to this bug.

Should you have any further questions or concerns regarding this matter, please contact Member Services at 866.750.0100 or email

2 thoughts on “Important Member Alert: Heartbleed Security Vulnerability Update

  1. I do have an IT concern. Is the home page truly a secure page to sign on with? Please look closely, all the rules about a “lock” icon or “secure” appearing in the address bar do not appear when you have this page displayed and enter your sign on/password information.
    Jeff Adams – 732-267-1463 –

    • Hi Jeff,
      Yes – the current homepage is secure. In addition, the connection between our corporate website ( and Online Banking uses a secure, direct line – meaning that upon submittal, your credentials are never exposed to the world wide web. There is not an opportunity for this information to be intercepted via a 3rd party. And, coming in June 2014 we will be placing an additional, enhanced security certificate on our corporate website as we launch a re-designed site, and enhanced online banking & bill pay, as well as a new smartphone app. If you have any additional concerns or questions, please feel free to call Member Services at 866.750.0100. Thank you!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s