*See Below: eSign - residual exceptions in document retrieval and signing ceremony
*See Below - Encompass WebCenter Update
Fully Operational (Encompass 4506T - see below)
eSign - residual exceptions in document retrieval and signing ceremony:
* Following the maintenance completed last night to resolve issues affecting our eSign service yesterday; we expect to see residual effects of SOAP exceptions errors when retrieving documents from the eFolder today. This will occur for packages sent/returned prior to the maintenance activity that we performed on the evening of March 26.
- We ask that you retry to retrieve the document package again, or deselect individual documents in the package that might be causing the error. That has allowed most users to retrieve most of the documents. (3/27/15 - 4:00pm PT)
* Some users may experience intermittent issues attempting to eSign packages that were sent prior to the maintenance activity that occurred on the evening of March 26. Should the borrower/signer experience an issue while signing documents sent prior to March 27, documents will be converted to wet-sign or you can re-disclose. (3/27/15 - 9:15am PT)
* A maintenance activity to resolve intermittent errors while retrieving documents into the eFolder has been completed. (3/27/15 - 1:20am PT)
* We will be performing maintenance this evening to resolve intermittent issues resulting in SOAP error when attempting document retrieval. (3/26/15 - 7:45pm PT)
* We have received a report that retrieval of documents into the eFolder is resulting in a SOAP excepton. Our technical team is investigating now. (3/26/15 - 7:15pm PT)
* eFolder Document Retrieval is online and should no longer result in SOAP exceptions at this time. (3/26/15 - 3:10pm PT)
* As we work to stabilize eSign service, some users may experience SOAP exception errors while attempting to retrieve documents into the eFolder. (3/26/15 - 3pm PT)
*Encompass WebCenter Update:
- On the evening of Thursday, March 26, Ellie Mae will be taking critical steps toward securing your company’s WebCenter sites against the potential for exploitation via the use of legacy SSL protocols. These protocols are used for secure communication between browsers and web sites; and between programs and web services.
- If not already configured, and in order to retain functionality of your WebCenter site, you will need to prepare for this security change by modifying your current website’s domain name service and adding a new Canonical Name (CNAME) record. Click here to access the instructions to perform this modification.
***This change will not impact portable pages nor TPO sites.***
If you do not have a CNAME, or are unfamiliar with the necessary process to create a CNAME record with your domain name service provider, a named contact for your company should submit a case via the Encompass Resource Center, requesting guidance, by specifying the following options:
*Ellie Mae Network Services:
Encompass 4506T Service: The IRS has identified a specific group of transcript orders that were originally faxed to the vendor(s) on March 11 and 12, cannot be redelivered through the automated mailbox system. In the interest of time, the orders have been regenerated and were originally expected to be returned by late 3.27. However, the IRS has experienced further delays and these orders will experience additional delays. Currently, orders placed on March 20th and early on the 23rd are being returned. (Updated 3.27.15 7:35 am PDT)
What is the POODLE attack?
The POODLE attack ("Padding Oracle On Downgraded Legacy Encryption") is a man-in- the-middle (MITM) exploit, which attacks the browsers of end users, forcing them to use SSL 3.0. SSL 3.0 is less secure than modern protocols, and is susceptible to eavesdropping.
Who does it affect?
MITM attacks work by interfering with the pathway between end clients and TLS/SSL protected servers. The target for POODLE is end users’ browsers, and the attack must intercept and manipulate communications between client and server in order to work.
Is it a high severity event?
The risk to most end users is classed as LOW.
What is Ellie Mae Doing?
Ellie Mae is currently assessing the removal of SSL3.0 protocol and possible impacts specific to its suite of products and services.
How should I protect my users?
The attack primarily targets the browsers of end users rather than servers. Millions of web servers support SSL 3.0. Most security experts agree securing the endpoint by disabling SSL 3.0 support is the most effective method of defeating the POODLE attack. Each browser vendor is addressing the problem. If you use the following browsers, follow the appropriate link for further guidance:
Microsoft Internet Explorer, Chrome and Firefox: http://tweaks.com/windows/67027/how-to-protect-ie-chrome-and-firefox-from-the- poodle-ssl-v3-exploit
Chief Security Officer
Ellie Mae Inc.
## When experiencing general, system wide latency, we often refer to sites such as "www.internetpulse.net" and "www.downdetector.com" for ISP health statistics and to corroborate trends that might be occurring within the public domain that are affecting various Internet Service Providers. Common Windows networking utilities such as "ping" and "tracert" can be used to further isolate and determine the condition of the local and wide-area networks and the stability of various Internet Service Providers over which your internet traffic is routing.
Ellie Mae may be conducting scheduled system maintenance during the windows defined below.
Access to Encompass®, Encompass® services, and the Ellie Mae NetworkTM may be unavailable during a maintenance window.
|Tuesday, March 3||Scheduled maintenance||10pm - 2am PT|
|Thursday March 5||Scheduled maintenance||10pm - 2am PT|
|Saturday, March 7 / Sunday, March 8||Scheduled maintenance||8pm - 2am PT|
|Tuesday, March 10||Scheduled maintenance||10pm - 2am PT|
|Thursday, March 12||Scheduled maintenance||10pm - 2am PT|
|Saturday, March 14 / Sunday, March 15||Scheduled maintenance||8pm - 2am PT|
|Tuesday, March 17||Scheduled maintenance||10pm - 2am PT|
|Thursday, March 19||Scheduled maintenance||10pm - 2am PT|