**See Below: Fannie Mae, Fraud Service
We are currently investigating an issue that is affecting access to Fraud Service. Users may receive a warning that Fraud Service is currently offline or inaccessible. (1/28 11:25am PT)
Our Fraud Service partner is currently investigating an issue causing Encompass users to experience an error when attempting to access Fraud Service. (1/28 11:35am PT)
- Calendar Year 2015 FHA County Loan Limits Table in Encompass settings - Please reference Knowledge Base article #5621 in the Encompass Resource Center - https://resourcecenter.elliemae.com
- 1098 Reporting for Lender Year 2014 - Please reference Knowledge Base article #2912 in the Encompass Resource Center - https://resourcecenter.elliemae.com
On Saturday December 6th, Ellie Mae completed the TPO Setting Migration to Encompass 14.2.
- If your AE's are experiencing issue logging in and if you haven’t already done so, please be sure complete the pre-migration requirements to move your AE/LO Settings data to the new TPO Settings area in Encompass.
--Following the correct AE/LO settings configuration, an issue with the AE login may have persisted. A fix to address this issue was released 12/8/14.
- An issue affecting notifications not going to AEs was fixed on 12/16.
- An issue impacting some Loan Officer logins to TPO WebCenter will be addressed in a release tonight 12/9/14. The error message received when attempting to login is “Object Reference not set to an Object”
- An issue causing a parsing error to generate when a broker attempted to submit a new loan was addressed via a patch on 12/9/14. The error would have read: "An error occurred while parsing EntityName. Line X, position X"
- Our team is working on a fix to address an LO Comp issue: When a loan is uploaded through the TPO site, the LO Comp is deleted in the External Settings and does not reflect in the loan. An update to TPO will be released tonight, Thrusday, December 11 which will address this issue. Please refer to release notes available in the Resource Center for details of the update.
- Duplicate borrower pairs issue: When a user logs into the loan center and opens a loan, duplicate Co-Borrowers and listed. Next they click on manage and delete the duplicates and click "Next" to receive an error message prohibiting them from proceeding. The duplicate borrower pairs remain. Fix released 12/17/14
- Blank loan data from the AE login -- Account Executive goes to a loan in TPO using the navigation (selecting broker, LO, then the loan) everything works fine. But if they search the loan from the TPO list screen and select it, they receive a security certificate error and none of the data for the loan displays. Fix released 12/17/14
- Some users may not have the ability to lock and obtain pricing through the TPO WebCenter as the system may hang then time out. A possible workaround is to enable the “Other” loan type on the Encompass settings Loan Criteria tab for the company/branch. Fix released 12/17/14
Following this, for questions or to provide feedback, please email us at: TPOManagement@elliemae.com.
Please also review the following educational resource materials:
• Managing TPO Management Data Instructions.
• Managing Third Party Originators in Encompass White Paper
• TPO WebCenter Field Reference Guide
• TPO Management in Encompass video tutorial
• Encompass 14.2 Release Notes
What is the POODLE attack?
The POODLE attack ("Padding Oracle On Downgraded Legacy Encryption") is a man-in- the-middle (MITM) exploit, which attacks the browsers of end users, forcing them to use SSL 3.0. SSL 3.0 is less secure than modern protocols, and is susceptible to eavesdropping.
Who does it affect?
MITM attacks work by interfering with the pathway between end clients and TLS/SSL protected servers. The target for POODLE is end users’ browsers, and the attack must intercept and manipulate communications between client and server in order to work.
Is it a high severity event?
The risk to most end users is classed as LOW.
What is Ellie Mae Doing?
Ellie Mae is currently assessing the removal of SSL3.0 protocol and possible impacts specific to its suite of products and services.
How should I protect my users?
The attack primarily targets the browsers of end users rather than servers. Millions of web servers support SSL 3.0. Most security experts agree securing the endpoint by disabling SSL 3.0 support is the most effective method of defeating the POODLE attack. Each browser vendor is addressing the problem. If you use the following browsers, follow the appropriate link for further guidance:
Microsoft Internet Explorer, Chrome and Firefox: http://tweaks.com/windows/67027/how-to-protect-ie-chrome-and-firefox-from-the- poodle-ssl-v3-exploit
Chief Security Officer
Ellie Mae Inc.
## When experiencing general, system wide latency, we often refer to sites such as "www.internetpulse.net" and "www.downdetector.com" for ISP health statistics and to corroborate trends that might be occurring within the public domain that are affecting various Internet Service Providers. Common Windows networking utilities such as "ping" and "tracert" can be used to further isolate and determine the condition of the local and wide-area networks and the stability of various Internet Service Providers over which your internet traffic is routing.
Ellie Mae may be conducting scheduled system maintenance during the windows defined below.
Access to Encompass®, Encompass® services, and the Ellie Mae NetworkTM may be unavailable during a maintenance window.
|Tuesday, January 6||Scheduled maintenance||10pm - 2am PT|
|Thursday January 8||Scheduled maintenance||10pm - 2am PT|
|Saturday, January 10 / Sunday, January 11||Scheduled maintenance||8pm - 2am PT|
|Tuesday, January 13||Scheduled maintenance||10pm - 2am PT|
|Thursday, January 15||Scheduled maintenance||10pm - 2am PT|
|Saturday, January 17 / Sunday, January 18||Scheduled maintenance||8pm - 2am PT|
|Tuesday, January 20||Scheduled maintenance||10pm - 2am PT|