News And Events

Updates

  • Security Bulletin: SSL POODLE Vulnerability (CVE-2014-3566)

    Oct 17, 2014
    Summary
    A security advisory (https://www.openssl.org/~bodo/ssl-poodle.pdf) was published on 14th Oct 2014 by Google, describing a security attack allowing plaintext to be extracted from an SSL connection when the SSL client and server both use SSL version 3.0. The issue is inherent in the protocol, which is almost 20 years old, and the only recommended way to overcome the latest issue is to disable SSL version 3.0 and ensure that only the more modern replacement TLS protocols are used instead. To successfully exploit POODLE the attacker must be able to inject a malicious JavaScript into the victim's browser and also be able to observe and manipulate encrypted network traffic on the wire.

    Mitigating Factors
    • As you would be having trusted/controlled environment.
    • If the connection is based on TLS 1.0 or higher and the client does not attempt to reconnect using SSL v3.0 then there is after a handshake failure then there can be no compromise. TLS 1.2 is always recommended to prevent weaknesses in TLS 1.0.
    • If you have disabled SSL v3.0 in your browser then even if it is enabled on the server, there can be no compromise.
    Impact of this vulnerability on Ascertia Products:
    • SigningHub Cloud (www.signinghub.com): No impact - SSL v3.0 is already disabled in this service
    • SigningHub Enterprise: This product is not bundled with a web-server and is therefore POODLE safe. You must ensure SSL v3.0 is disabled on the IIS web server (see corrective action below).
    • ADSS Server: Apache tomcat is bundled with the product. SSL v3.0 is by default enabled (see corrective action below to disable SSLv3.0).
      Corrective Action
    To disable SSL v3.0 for ADSS Server, follow the steps mentioned in the following KB Article.
    To disable SSL v3.0 on your web server or browser (IIS, Apache, IE, and Chrome and Firefox) follow the steps here.

    For more details contact Ascertia Support.
  • Global: ADSS Server v4.8.1 released

    Sep 15, 2014
    The latest version of the Ascertia Advanced Digital Signing Services (ADSS Server) includes the following major enhancements:
    • A comprehensive new PKI component called an Attribute Authority has been added. An Attribute Authority issues (and revokes) attribute certificates to users. Attribute certificates are used for assigning rights, privileges and authority to access particular resources. ADSS Server allows multiple attributes certificate profiles to be set-up and used in wide range of business scenarios. Business applications, including Registration Authority (RA) products such as AET BlueX, can request attribute certificates on behalf of end-users through the ADSS web services interface.
    • The ADSS SCVP Service has been further enhanced to dynamically discover and validate the certificate chain for an OCSP Responder certificate when using advanced discovery settings. It achieves this using certificate extensions and/or configured LDAP directories, avoiding administrators to manually find and import such certificates. Complex PKI networks such as Bridge CA environments, in particular the Federal PKI, where finding the certificate chains of distant OCSP responders is complex and time-consuming, will benefit greatly from the automated processing of OCSP responder certificates.
    • The ADSS Certification Service has been enhanced to support short-life certificates. Typically such certificates can have a lifetime of a few minutes. This is useful for schemes which require the use of One Time Certificates (OTC) for the creation of one time digital signatures. Such schemes have higher inherent security because certificates can only be used once (i.e. no chance of misuse) and also do not need revocation management as they expire very quickly. Such schemes also aid ease of use since one time certificates can be managed solely on the server-side without requiring delivery to the owning user.
    • ADSS Server now includes functionality for scheduled restarts at a selected future time, typically a quiet time such as 02:00 so that any configuration changes do not affect processing during normal business hours. To maintain enhanced security, ADSS Server does not permit dynamic changes to ADSS Server security and policy settings.
  • Global: ADSS Server v4.8.0 released

    Aug 04, 2014
    The latest version of Ascertia Advanced Digital Signing, (ADSS) Server includes the following major enhancements:
    • A new feature has been introduced that allows exporting of keys through HSM held and managed Key Encrypting Key (KEK). The exported keys are then held securely within the ADSS Server database where HSMs allow this functionality. This means that large number of users can now be enrolled in ADSS Server with their own unique keys and certificates.
    • The ADSS Certification Service now tightly integrates with Active Directory (AD) to create and manage user keys & certificates. This make it easy to deploy end-user digital certificates within an enterprise. The keys and certificates are held within ADSS Server and are linked to users' Active Directory names and their use requires AD authentication.
    • ADSS Signing and ADSS Verification services have been enhanced:
      1. Stand-alone PAdES Part 4 PDF document timestamps can be created and verified.
      2. XAdES v1.4.1 is now supported.
    • ADSS SCVP service now supports validation fallback options, by using CDP and AIA based addresses.
    • The Key Manager module has been enhanced to support Windows CAPI/CNG software or CAPI/CNG based HSMs.
    • The Manage CAs module has been enhanced to allow the CRL publishing period to be set independently of the CRL expiry date to allow over-issuance.
    • ADSS Server Console has been enhanced:
      1. All load balanced ADSS Server systems are shown on the Admin screen home page.
      2. Provision to simplify manual OCSP routing configurations management, multiple CA certificates can be imported at once from a system folder entered in the Service > Manual Routing page. This is valuable for large scale PKIs with routers that do not use the service locator extension.
      3. Provision to change the ADSS Server hostname/IP address in the Server Manager module. This is valuable when the hostname/IP is changed after the ADSS Server installation.
    • While importing the saved configuration data, the configuration settings “Import” feature now enables the operator to overwrite or skip configuration data that already exists in the target installation.
    • New operator alert messages are produced for the Core and Console services or daemons during high availability mode, and the “Slave” instance takes over from the “Master” instance.
  • Ascertia Docs v5.6.5 released

    Jun 16, 2014
    The latest version of Ascertia Docs included a new Microsoft Office App for MS Word 2013 and Office 365 that auto detects signature lines and workflows the document to the identified users who can view and sign using Word native signature format (XAdES-X-Long including timestamp and validation).
  • Global: PDF Sign&Seal v6.4.0 released

    May 19, 2014
    The latest version of PDF Sign&Seal includes the following major enhancements:
    • Windows 8 is now supported.
    • SHA-2 hash algorithms are now supported.
    • PAdES LTV Part 4 signature can now be created and verified.
    • Users can now control the certificate subject DName details that are shown within their visible signature appearance.
    • Supports Greek letters appeared in the document name.
    • Warnings are shown if the user has no rights to a configured output folder.
    • Windows Explorer right click menus have been enhanced to support relative output file paths.
    For more comprehensive information on what new improvements are available, the release notes can be found here.
  • Global: ADSS Server v4.7.7 released

    May 16, 2014
    The latest version of the Ascertia Advanced Digital Signing, (ADSS) Server includes the following major enhancements:
    • The ADSS Signing Service, and ADSS Go>Sign Service now feature a new HTML based “Signature Appearance” designer.
    • The ADSS TSA (Time Stamp Authority) Service has been enhanced to optionally use time obtained directly from the NTP servers configured in the NTP Time Monitor.
    • The ADSS Server Core instance now uses a high availability architecture on load-balanced systems.
    • The ADSS Go>Sign Service has been enhanced to:
      1. Support signed attributes in AdES signatures
      2. Support EPES signatures
      3. Use a hand signature image and/or company logo image provided by the business application.
    • Improvements in the ADSS Server Admin Console configuration
    • Database drivers for all supported databases have been upgraded to the latest versions. There is no change to the SQL Server driver (JTDS) v1.2.2. Hibernate has been upgraded to the latest available version (v4.3.1). Database connection pool management has been enhanced.
    • The ADSS Server now supports these databases versions: PostgreSQL 9.3; Oracle 12C; MySQL 5.6
    • For complete information on what new improvements are available, the release notes can be found here.
  • Middle-East: Ascertia to present its innovative digital signature solutions for SquareOne Roadshow

    Apr 28, 2014
    Ascertia management will be presenting its advanced digital signature innovations during the SquareOne Document Day roadshow. The cities covered are Riyadh, Jeddah, Abu Dhabi and Dubai from 11th-15th May 2014. For further details and to register see http://www.squareonemea.com/index.php/blogs/document-day. Ascertia will showcase its leading digital signature, approval workflow and document tracking product called Ascertia Docs. The team will showcase the next wave in document e-signatures and in particular mobile signing, to increase process efficiency, cut costs and close contracts faster. The half day event will witness some of the most innovative solutions available from the leading vendors of Document and Print technology.
  • Ascertia Docs v5.6.4 released

    Apr 21, 2014
    The latest version of Ascertia Docs includes the following enhancements:
    • Ability for the enterprise admin to control the hand signature capturing options that are made available to enterprise users.
    • Bulk signing is supported for local keys and certificates on PKCS#11 tokens.
    • Users can now disable the sending of notification emails to collaborators.
    • Templates can be edited / updated and saved under a different name when preparing a document.
    • A new signature appearance is added in Options -> My Signature tab.
    • A signature verification status bar has been added.
    • User deletion has been improved.
    • Greek language support has been added.
    • SigningHub is also upgraded accordingly. Click here to see the release notes.
  • Ascertia is not affected by OpenSSL heartbleed vulnerability!

    Apr 09, 2014
    Researchers in Codenomicon and Google have recently found a vulnerability code named CVE-2014-0160 inside most OpenSSL implementations. The issue is not inside the TLS/SSL protocol, rather in how it was implemented by the OpenSSL developers . Once exploited, a threat agent can access sensitive information which includes passwords and secure key information. OpenSSL has recently provided a patch to address this vulnerability. Ascertia, as responsible PKI trust services provider, wants to assure its clients and partners that none of our digital signature and PKI products (server, desktop and mobile apps) and associated services and websites are affected by this vulnerability. OpenSSL is not used within any Ascertia software product. Any customer using an Apache webserver as a front-end DMZ proxy or who may be using OpenSSL elsewhere (e.g. front-end hardware load-balancers or third party client tools/utilities) should ensure that these are not using one of the vulnerable OpenSSL versions. More details about this vulnerability can be found here http://www.heartbleed.com/
  • UK: Ascertia Attends Infosec

    Apr 07, 2014
    UK: Ascertia Attends Infosec 2014, Ascertia senior staff will be attending the show at Earl’s Court 29th April to 1st May 2014. Contact us to book a demo slot to see our latest innovations in mobile document signing, workflow and PKI services.

About Us

News and Events

Customers

Partners

Contact Us

Privacy Statement

Request Info

Submit

Sales Inquiries:
+44 (0)800 772 0 442

15

+
Years of Digital Signature
Innovation