SigningHub unaffected by the HeartBleed OpenSSL vulnerability

Posted by Liaquat Khan on 09-Apr-2014 17:02:00

Security is our top priority. In this blog, we discuss the HeartBleed OpenSSL vulnerability - and SigningHub's protection against it.



Heart-Bleed


OpenSSL is one of the most commonly used toolkits to implement PKI services. It is free/open source, regularly updated and comes bundled with Linux. You can also install its binaries on Windows.

Although issues in the SSL protocol have been identified in the past, this time most OpenSSL implementations have a critical vulnerability.

Researchers in Codenomicon and Google found the vulnerability inside the OpenSSL implementation code - see this link for more details: CVE-2014-0160.

Once exploited, a threat agent can access sensitive information, including passwords and secure key information. OpenSSL has recently provided a patch to address this vulnerability.

SigningHub's response to HeartBleed OpenSSL

As a responsible vendor in the eSignature and digital signature space, Ascertia knows the importance of alleviating client concerns about our products and services.

Although this issue is causing huge waves in security circles, SigningHub.com users are unaffected. SigningHub does not use OpenSSL code. Therefore, it is unaffected by this vulnerability.

Consequently, there has been no down-time or patching, users do not need to change their SigningHub passwords or worry about the privacy of their documents. This includes both the SigningHub website and the SigningHub mobile apps (iOS and Android).

For high security, SigningHub uses the most advanced and secure EV SSL certificates. These certificates follow requirements published by the CAB Forum (a forum of major browser vendors to ensure a secure browsing experience).

You can observe this by looking at the green bar shown in a browser. It indicates that an EV SSL digital certificate was issued to the identified vendor.

EVSSL bar


 
 

Recent Posts

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook