In the United States, millions of people and companies have changed from using the internet for information to employing it for business. Account management, electronic bill presentation, and online account payment are all common uses. The next step in the e-commerce revolution is consumers and businesses actually entering into transactions online, and it is already here. Legislation has been passed to enable this—the Uniform Electronic Transactions Act (UETA) and the Electronic Signatures in Global and National Commerce Act (ESIGN), which were passed into law in 1999 and 2000, respectively. These laws help companies to conduct business efficiently over the internet by giving legal recognition and force to electronic signatures and records.
Electronic files that use the ESIGN and UETA laws are available to both residential and commercial mortgage lenders. These electronic records can be used to legally meet the requirements that information or records be provided to consumers “in writing.” However, the consumer must first agree to the use of these electronic records. MBA and its strategic partners describe how to handle these new disclosures and the conversion from paper to digital formats, as applies to mortgage transactions.
In the context of commercial real estate finance, borrowers, lenders, and vendors have the choice of electronically executing contracts, loans, and agreements rather than using traditional paper methods. These are legally considered to be equally valid as written documents when both parties satisfy the requirements to attain compliance with electronic signature laws. This includes the consent of the user to the electronic execution option and that the provider meets all identity verification requirements.
The ESIGN laws established that transactions made electronically are equally valid as those made using traditional pen-and-ink signatures. This opens the way for great benefits for the mortgage industry. Also, consumers benefit from electronic signatures that do away with the masses of paperwork that slow and complicate their transactions.
Monday, April 16, 2007
Thursday, April 12, 2007
Security Bugs in PKI Leave Openings For Hackers
A pair of flaws in the open-source GNU Privacy Guard program, also called GnuPG or GPG, could allow an attacker to upload unauthorized content into a PKI signed message, or possibly forge signatures on digital files. The GPG software is a free replacement for the Pretty Good Privacy cryptographic software and is shipped with many operating systems, including FreeBSD, OpenBSD, or many Linux distributions.
What does this mean for businesses? It could pose a threat to the reliability and value of PKI signatures, says an email from the Gentoo Linux security team. Should an attacker discover these flaws, they could add information to email security alerts or forge PKI signatures on unauthorized software updates.
Those who use the open-source PKI technology to verify the authenticity of emails or PKI signed files could be at risk, as could those who receive and use those files and messages.
PKI are often used, for example, by Linux and Unix distributors to send authenticated security announcements to their customers. PKI signatures are also used in certain software updates put out by these companies so their customers can be assured that the data they are receiving has not been tampered with. In short, the GPG technology is used in many ways to guarantee the authenticity of files, updates, and messages. Without this assurance, false “security updates” and emails with malicious files attached could become a daily occurrence.
Systems that need fixing include those that rely on GPG to distribute software updates, especially on Linux. Updates will be required to prevent any malicious alterations of software and data on these systems.
The GnuPG team has created fixes for the security flaws. Additionally, for those who have included the GPG technology in their products, updates have been offered to fix the problems. Another patch has been released to fix a flaw that would make it possible for an unauthorized person to insert data into a PKI signed message. This would mean that systems would still see this unauthorized data as authentic.
This flaw was discovered while researching an earlier problem for which a patch had already been release. That problem could cause automated signature checkers to verify a forged PKI signature as authentic and consider a malicious file safe.
As of yet, no reports have surfaced of attacks that exploit these vulnerabilities. However, users of this software are urged to install the security updates as soon as possible to ensure the protection of their systems.
Companies like SignatureLink overcome this obstical by using a secure online biometric signature that can be done with a mouse, touchscreen or PDA. This is not to be confused with older technology of digital signatures such as PKI signature.
For more information on secure digital signatures please go to http://www.signaturelink.com
What does this mean for businesses? It could pose a threat to the reliability and value of PKI signatures, says an email from the Gentoo Linux security team. Should an attacker discover these flaws, they could add information to email security alerts or forge PKI signatures on unauthorized software updates.
Those who use the open-source PKI technology to verify the authenticity of emails or PKI signed files could be at risk, as could those who receive and use those files and messages.
PKI are often used, for example, by Linux and Unix distributors to send authenticated security announcements to their customers. PKI signatures are also used in certain software updates put out by these companies so their customers can be assured that the data they are receiving has not been tampered with. In short, the GPG technology is used in many ways to guarantee the authenticity of files, updates, and messages. Without this assurance, false “security updates” and emails with malicious files attached could become a daily occurrence.
Systems that need fixing include those that rely on GPG to distribute software updates, especially on Linux. Updates will be required to prevent any malicious alterations of software and data on these systems.
The GnuPG team has created fixes for the security flaws. Additionally, for those who have included the GPG technology in their products, updates have been offered to fix the problems. Another patch has been released to fix a flaw that would make it possible for an unauthorized person to insert data into a PKI signed message. This would mean that systems would still see this unauthorized data as authentic.
This flaw was discovered while researching an earlier problem for which a patch had already been release. That problem could cause automated signature checkers to verify a forged PKI signature as authentic and consider a malicious file safe.
As of yet, no reports have surfaced of attacks that exploit these vulnerabilities. However, users of this software are urged to install the security updates as soon as possible to ensure the protection of their systems.
Companies like SignatureLink overcome this obstical by using a secure online biometric signature that can be done with a mouse, touchscreen or PDA. This is not to be confused with older technology of digital signatures such as PKI signature.
For more information on secure digital signatures please go to http://www.signaturelink.com
Monday, April 2, 2007
Digital Signatures – The Wave of the Future
The pharmaceutical industry has been using digital industries to sign FDA submission and other applications. If it’s safe for the pharmaceutical industry to use, then it’s even safer for those mortgage brokers and real estate agents to use. Think of the time that you can save if all of the contracts and other documents could be signed digitally instead of having to set up appointments to meet with everyone. The chain of events could be handled in a course of minutes from real estate agent to mortgage broker who would then begin processing the information for the buyer. To take it one step further, why not let the original sales contract go from the buyer to real estate agent to seller and then to mortgage broker? It’s already possible to apply for a pre-approved mortgage online, so a digital signature would simply make the process of finalizing the loan smoother and quicker for both buyer and seller.
As we look to the future, the concept of Esignature catching on within the mortgage and real estate industries is quite real and inevitable. After all, even five or ten years ago, we would never have thought of using an electronic signature to pay our bills, but today many people pay the majority of their bills online using either a standard electronic signature or the more secure digital signature. Allow yourself to be one of the first companies to experience the value of legally binding digital signatures with the help of the experts at SignatureLink.
With the majority of families being two-income families, it’s difficult sometimes for a real estate or mortgage broker to catch up with the buyers or sellers of a property at the same time in order to finalize a sales contract or mortgage application, but with digital technology in place, each can sign as it is convenient for them.
With many people today also changing jobs and moving to other towns, it means that a real estate agent doesn’t have to rush things along so that he can get all of the signatures before the buyer or seller leaves town for their new home. For companies who are taking over a home because an employee is being transferred, it means they don’t have to meet with the real estate broker in person; all contracts can be signed and verified online using safe and secure digital signatures. SignatureLink is well equipped to assist you with any questions or needs you may have.
for more information on digital signatures visit http://www.signaturelink.com
As we look to the future, the concept of Esignature catching on within the mortgage and real estate industries is quite real and inevitable. After all, even five or ten years ago, we would never have thought of using an electronic signature to pay our bills, but today many people pay the majority of their bills online using either a standard electronic signature or the more secure digital signature. Allow yourself to be one of the first companies to experience the value of legally binding digital signatures with the help of the experts at SignatureLink.
With the majority of families being two-income families, it’s difficult sometimes for a real estate or mortgage broker to catch up with the buyers or sellers of a property at the same time in order to finalize a sales contract or mortgage application, but with digital technology in place, each can sign as it is convenient for them.
With many people today also changing jobs and moving to other towns, it means that a real estate agent doesn’t have to rush things along so that he can get all of the signatures before the buyer or seller leaves town for their new home. For companies who are taking over a home because an employee is being transferred, it means they don’t have to meet with the real estate broker in person; all contracts can be signed and verified online using safe and secure digital signatures. SignatureLink is well equipped to assist you with any questions or needs you may have.
for more information on digital signatures visit http://www.signaturelink.com
Subscribe to:
Posts (Atom)