SigningHub is not affected by the HeartBleed OpenSSL vulnerability!

Posted by Liaquat Khan on 09-Apr-2014 17:02:00

Heart-Bleed

OpenSSL is one of the most commonly used toolkits to implement PKI services. It is free/open source, regularly updated and comes bundled with Linux. You can also install its binaries on Windows. Although issues in the SSL protocol have been identified in the past, this time most OpenSSL implementations have a critical vulnerability.
Researchers in Codenomicon and Google found the vulnerability inside the OpenSSL implementation code, see this link for more details: CVE-2014-0160. Once exploited, a threat agent can access sensitive information which includes passwords and secure key information. OpenSSL has recently provided a patch to address this vulnerability.

As a responsible vendor in the e-signature and digital signature space Ascertia knows the importance of alleviating client concerns about our products and services. Although this issue is causing huge waves in security circles, SigningHub.com users are unaffected. SigningHub does not use OpenSSL code and is therefore unaffected by this vulnerability. Consequently there has been no down-time or patching, users do not need to change their SigningHub passwords or worry about the privacy of their documents! This includes both the SigningHub website and the SigningHub mobile apps (iOS and Android).

For high security SigningHub uses the most advanced and secure EV SSL certificates that follow the requirements published by the CAB Forum (a forum of major browser vendors to ensure a secure browsing experience). You can observe this by looking at the green bar shown in a browser which shows that an EV SSL digital certificate was issued to the identified vendor.

EVSSL bar


Topics: ascertia, Signinghub, HeartBleed, EV SSL digital certificate, OpenSSL, EV SSL certificates

Posts by Topic

see all

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook