Go to:

July 2018
< Jun Aug >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Cornerstone Credit Union League, Credit Union Resources and Other Cornerstone Websites not affected by Heartbleed
Friday, April 11, 2014 7:00 AM

News of the Heartbleed bug has many organizations concerned about whether or not they’ve been affected. The Cornerstone Credit Union League has determined that the bug is affecting those websites using OpenSSL. Cornerstone, Credit Union Resources, and the Cornerstone Credit Union Foundation do not use OpenSSL; therefore, these websites are not affected or vulnerable.

A tool credit unions can you can use to determine if their website, or any third party vendor website, is affected or are vulnerable to the bug is Idrees Rafiq, assistant vice president of IT consulting for Credit Union Resources, is encouraging credit unions to take this opportunity to educate their members, and urge them to also utilize tools such as Last Pass to check the sites that they've entrusted with their information. Awareness and due diligence, he says, is essential to defending your credit union and your members against bugs such as Heartbleed.

Credit unions can find additional information about the Heartbleed bug, including an informative Q&A online, at  


Helpful Resources: Technology Consulting & Compliance Services through Credit Union Resources. Available services include:

  • Security Risk Assessment: Evaluate the risk of compromising member information in fulfillment of the NCUA Regulation 748 Appendix A and B to include physical, administrative, and technical security.
  • TR-39 ATM PIN Security Audit (Previously known as a TG-3 PIN Audit): Certified CTGA auditor performs audit focusing on security practices throughout all six phases of the encryption key life cycle: Generation, Distribution, Storage, Usage, Destruction, and Compromise. The evaluation is in fulfillment of the even-numbered year audit requirements by the 3 ATM network processors PULSE, STAR, and NYCE.
  • Information Systems & Technology (IS&T) Assessment: In-depth review a credit union’s overall IS&T systems concentrating on security, audit, information technology, and member services in fulfillment of NCUA’s letter to credit unions 06-CU-10.
  • Security Policy & Program Development: Take a risk-based approach in developing a Security Policy & Program in fulfillment of the NCUA Regulation 748 Appendix A and B to include physical, administrative, and technical security.
  • Security Risk Assessment and Policy & Program Annual Review: Detailed review of the 26 elements associated with the Risk Assessment and Policy & Program in fulfillment with the NCUA Regulation 748 annual review requirements.
  • Network Vulnerability Assessment Testing: Assess current Internet connections to identify points of weakness that leave the credit union exposed to external threats that may be a result from hackers, network viruses and more. Testing is in fulfillment of NCUA’s Letter to Credit Unions, eCommerce Guide to Credit Unions 02-CU-17.
  • Systems Maintenance: This service will help ensure the healthy and efficient performance of your computers and network. We will securely connect to your network and apply all needed software updates, antivirus/anti spyware updates, perform disk cleanup and disk defragmentation tasks, and review event logs to proactively identify potential issues.