From the Marketing Department:
By now, you've probably heard about the Heartbleed Vulnerability, a vulnerability effecting systems that rely on specific versions of OpenSSL encryption.
Upon hearing the news of Heartbleed defect, we began to investigate our services and any vulnerabilities we, and in turn our members, could be exposed to. Verity has been reaching out to our vendors to assess our risk.
The good news is that our website and Online Branch vendors assured us we are not at risk. We've been in contact with our other vendors as well and have confirmed that they are not at risk, and are taking steps to continue to mitigate risk. We will continue to monitor the situation with each of them and everyone is taking this threat very seriously.
Regarding the websites that list out sites that may be "vulnerable" to this virus, our IT department has said that these websites are determining if our web servers useOpenSSL, regardless of version. Verity's website does use OpenSSL, but the version we use is not vulnerable to the Heartbleed defect.
We encourage to you to regularly update your passwords, preferably every 90 days, as a best-practice. If you find you are affected in your personal activities, please update your passwords. If the service you use has not implemented a fix yet, you will need to update your password again once they have. If there are updates to our status that have an impact on our members, we will post them in the comments section of this post.
If you want some more information about Heartbleed, here are some websites for more information: