What is Shellshock and how is it different than Heartbleed?

By now, you may have heard about the most recently identified critical vulnerability known as the "bash bug", or even "Shellshock", that may affect up to 70% of devices connected to the Internet. The affected software application, “Bash” (the Bourne Again Shell), is present on most Linux, BSD, and Unix systems, including Mac OS X. New packages were released recently, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to additional vulnerabilities.

Heartbleed exploited a weakness found on one of the most prevalent webserver operating systems on the Internet at the time of its discovery. Heartbleed allowed an attacker to pull an unlimited amount of data by attacking the webserver with a simple challenge / response, and was undetectable to the system administrator. While Heartbleed is certainly a formidable vulnerability, an attacker could only access information in active memory while initiating the challenge / response. Shellshock, on the other hand, allows a remote attacker to not only gain unauthorized access, but also perform privilege escalation, or infect vulnerable systems with malware. Furthermore, Shellshock is not limited to webservers only. Shellshock may affect any system running a vulnerable version of any Linux, BSD, and Unix system, including Mac OS X. Therefore this is not just an issue for systems with web-facing applications, but end users as well.

We are working in a timely manner to ensure that our network and systems are safe and secure.





The Home Depot has confirmed that its payment systems were breached at nearly 2,200 U.S. and Canadian stores, putting in-store only transactions at risk dating back to April.

At this time, The Home Depot and law enforcement agencies are continuing their investigation. Additionally, MasterCard® and Visa® are developing compromised card lists for distribution. As soon as LAONA STATE BANK receives alerts from MasterCard and Visa, we will promptly get the affected cards replaced and the cardholders contacted in a timely manner.

Please see below for important information on transactions that may have been affected.

Two things have been confirmed with this latest compromise:

  • Only transactions performed in stores (not online) are at risk.
  • The PIN is not at risk. 

If you know you have used your debit card at a Home Depot Store since April of 2014, please contact us immediately and we can help you in replacing your card so we take all precautions to ensure you are not a victim of fraud.  If you have any more questions on this, please contact the Laona Office at 715-674-2911. 

Thank you for your cooperation in this issue as we work in a timely manner to ensure that our cardholders are not victims of this attempt of fraud. 



Effective October 17, 2014, MasterCard is extending its zero liability limitation in the U.S. to include all MasterCard PIN-based and ATM transactions.  This is in addition to coverage already provided on signature debit and credit transactions.  To be covered by the zero liability limitation, the cardholder must promptly report the loss or theft as soon as becoming aware of it. 


Your Next Car: New or Used? Buy or Lease? 

Worried that your clunker won't last another Wisconsin winter? Many people shop for new vehicles in the fall, hoping to get a great deal on outgoing models and last quarter sales.

For most consumers, buying a used car makes more financial sense than purchasing a new one. Used cars cost less, depreciate less, and have lower insurance premiums.

On the other hand, a new vehicle will be more reliable and present lower maintenance and repair costs. If you are financing your purchase, dealer zero-percent-interest and other incentives may make a new vehicle as affordable as a used one if you plan to keep it six years or longer.

When considering a new vehicle, consumers are often attracted by the lower monthly payments of leases. Leases, which typically run for three years, do have some advantages. In addition to lower monthly payments, they may offer lower maintenance costs, and the consumer can simply turn the car in at the end of the lease or buy it for a preset price. If you use a leased vehicle for your own business, the monthly payment sometimes can be deducted on your income tax return (check with your tax professional).

But a lease gives the consumer no equity in the vehicle, limits the number of miles driven (usually 12,000 or 15,000 per year) without penalty, and requires higher insurance premiums. A lease also prevents the consumer from customizing the car and may include added fees that increase the overall cost. Plus, if circumstances change and a consumer needs to end the lease before the contract ends, this can be costly. For most consumers, buying makes more financial sense than leasing.

Of course, other factors may trump financial ones - if the latest technology and amenities are important and you plan to upgrade every three years, a leased vehicle may make perfect sense. But if you commute long distances and could not reasonably limit your mileage, or have young children and pets and are concerned about wear and tear on a leased vehicle, buying may be your best option.

Whether you buy or lease a new or used vehicle, decide what you want before you enter a showroom. Focus on the total price, not just the monthly payment required. And be willing to walk away if the deal you are offered isn't what you want.

Web resources worth checking out:

  • USAA on the best and worst times to buy a car.
  • Consumer Reports on buying vs. leasing. This site also offers many calculators to explore various options for your family.
  • Visit Edmunds.com for an analysis of buying a new or used Honda Accord vs. leasing one.
  • The Wisconsin Department of Financial Institutions offers a brochure on leasing, including the need for Gap insurance, to cover your costs if, in the event that your vehicle were totaled or stolen, the balance of your lease exceeded what you would receive from your insurance claim.

 What's My FICO Score and Why Does It Matter?

Many adults become aware of their FICO score when applying for a home mortgage or other loan. They may learn that their score is 690 or 740 or 770. But what does it really mean?

FICO is a firm once known as Fair Isaac Company. It specializes in analyzing data to create a financial grade for each potential borrower. The score is used to help banks and other lenders predict how likely it is that a consumer will pay his or her bills on time and be able to handle a mortgage amount or credit line. The score is also a factor in the interest and terms of your loan. 

To create a score ranging from a low of 300 to a high of 850, FICO uses information provided by the three major reporting agencies: Equifax, Experian, and TransUnion. When creating a score, FICO considers the following factors: 

  • Payment history-Have you paid your bills on time? If not, how late were you, and how often were you late? (This factor contributes 35% of your score.)
  • Amounts owed-on each account and how much of your credit limit have you used (Contributes 30% of your score.)
  • Credit history-How long have you had each account? (Contributes 15% of your score.)
  • New credit-How many new accounts or queries have you had? (Contributes 10% of your score.)
  • Types of credit-What types of debt do you have? (Contributes 10% of your score.) 

What does your score mean? 

  • 800 or higher: Flawless (13% of the population have this score.)
  • 750 - 799: Excellent (27%)
  • 700 - 749: Good (18%)
  • 650 - 699: Mediocre (15%)
  • 600 - 650: Not good (12%)
  • 550 - 599: Poor (8%)
  • 500 - 549: Terrible (5%)
  • 499 and below: Worst (2%) 

By now, you may be wondering how to find your FICO score. While you can find your scores based on information from the three major reporting agencies online at www.myfico.com, these are not free. In addition, they may not be the precise scores used by your lender. 

A better value is to request a free credit report from the three major reporting agencies online at www.annualcreditreport.com or by toll-free phone at 877-322-8228. Keep in mind the factors that FICO considers when reviewing your credit reports to get a handle on your approximate score. Also be sure to check these reports annually and inform the agencies if you spot any errors or inaccuracies. 

To learn more about your financial health, visit the Wisconsin Department of Financial Institutions' Financial Wellness Checklist Center at www.wdfi.org/ymm/wellness_checklist.htm.



Over the last two days there has been significant coverage concerning an Internet Explorer zero-day vulnerability.  As such, we are sending this out to make you aware of the issue and what effect, if any, it may have on you. First, what is this vulnerability?

 This zero-day vulnerability is a remote code execution vulnerability that no patch exists for yet. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the currently logged in user within Internet Explorer. In other words, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Laona State Bank has employed a mitigation tactic that will disable the vulnerable piece of software until Microsoft has released a patch.  The Microsoft patch, when released, will be fast pathed within the Nextus platform to release.  Our vendors are employing tactics to detect anomalous traffic and reset the packets where applicable.

Affected products include Windows Workstations and Servers running Internet Explorer version 6 through 11.  A full list can be found here: https://technet.microsoft.com/library/security/2963983

 Computer Security

Scammers, hackers, and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.

Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.

Treat Your Personal Information Like Cash

Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy.

Check Out Companies to Find out Who You’re Really Dealing With

When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the compnay behind it.  Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere.

Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.

Give Personal Information Over Encrypted Websites Only

If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure).

Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.

Protect Your Passwords

Here are a few principles for creating strong passwords and keeping them safe:

  • The longer the password, the tougher it is to crack.  Use at least 10 characters; 12 is ideal for most home users.
  • Mix letters, numbers, and special characters.  Try to be unpredictable – don’t use your name, birthdate, or common words. 
  • Don’t use the same password for many accounts.  If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email.  Legitimate companies will not send you messages asking for your password.  If you get such a message, it’s probably a scam.
  • Keep your passwords in a secure place, out of plain sight.

Back Up Your Files

No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files



  • Don't carry your PIN in your wallet or purse or write it on your ATM or debit card.
  • Do not give your PIN to ANYONE
  • Never write your PIN on the outside of a deposit slip, an envelope, or other papers that could be easily lost or seen.
  • Carefully check ATM or debit card transactions before you enter the PIN or before you sign the receipt; the funds for this item will be fairly quickly transferred out of your checking or other deposit account.
  • Periodically check your account activity. This is particularly important if you bank online. Compare the current balance and recent withdrawals or transfers to those you've recorded, including your current ATM and debit card withdrawals and purchases and your recent checks. If you notice transactions you didn't make, or if your balance has dropped suddenly without activity by you, immediately report the problem to your card issuer. Someone may have co-opted your account information to commit fraud.