11.18.2014

The POODLE Exploit and CopiaFacts E-Mail

This posting affects only early adopters of CopiaFacts version 8.2, and then only those who
  • use SSL/TLS to log in securely to their own ISP or corporate mailserver to send CopiaFacts e-mail (the 'via ISP' option), or
  • use SSL/TLS with version 8.2 of EMDIRECT, which sends system notifications via a specified mail server.

The POODLE exploit renders the old SSL 3.0 authentication mechanism insecure, and should not be used unless the server you are connected to does not support the more modern TLS authentication.

In 8.2 builds up to build 8.2.0.42, CopiaFacts allowed authenticated connection using any SSL or TLS version supported by the server.  In 8.2.0.42, as soon as the implications of POODLE became apparent, we changed the default so that only TLS is allowed, but provided an override to enable SSL 3.0.

From build 8.2.0.43, CopiaFacts begins a secure e-mail transmission by using TLS only, but if the server connection fails, we automatically drop back to allow SSL, but using a fallback mode which is designed to prevent the POODLE exploit from intercepting the transmission.  The override option to allow basic SSL 3.0 has been removed.

The default CopiaFacts e-mail uses MX lookup and connection to the recipient's mail server.  Authentication is not used in this case and the considerations of this posting do not apply.  SSL/TLS is not used in CopiaFacts 8.1 or earlier so these versions are also not affected.

1.29.2014

babyTEL, Copia International, and Commetrex Team for High-Availability Breakthrough


January 23, 2014 – Atlanta, GA – babyTEL (Montreal), Copia International (Chicago), and Commetrex (Atlanta) have developed a high-availability technology they call “Active-Active Redundancy.”  The three technology partners claim that Active-Active technology delivers inbound availability for fax-over-IP calls (FoIP) in excess of 99.999%.  Although the technology is currently being used for inbound FoIP, it applies equally well to voice (VoIP).
The solution marries technologies from each of the three partners:
  • babyTEL provides the T.38 real-time FoIP access and carrier services.
  • Copia provides the fax server (CopiaFacts).
  • Commetrex provides its BladeWare HMP telephony platform on which CopiaFacts is based
The inbound process begins with babyTEL simultaneously delivering a call to two (or more) redundant servers, which can be in different cities or even countries.  The key concept is for one of the Copia servers to immediately accept the call and the other to delay accepting the call…say for 200-milliseconds.  The babyTEL service acknowledges the first-arriving call acceptance and cancels the other. 
To determine whether to answer a call immediately or wait, CopiaFacts utilizes a special feature Commetrex added to BladeWare, according to Mike Coffee, Commetrex’ CEO.  “BladeWare will deliver calls to client applications in either the alerting or connected state.  So, when a call is delivered to the CopiaFacts server, it can examine call-related data to determine whether to accept the call.  In this application, each server will be assigned to immediately accept either odd- or even-numbered calls, delaying acceptance of the other half, which, of course, are immediately accepted by the other server, guaranteeing that each server receives half the calls.  If one of the servers goes off line, all calls will be awarded to the remaining on-line server, half of them immediately, half in 200-milliseconds.” 
“High-Availability deployments have been available for some time, but they have been extremely complex to develop and deploy.  This one, in spite of the complexities introduced by three companies working together, is as simple to deploy as adding one more server,” noted Steve Hersee, CEO of Copia International.  Hersee continued: “Customers can ensure their mission-critical telephony applications will continue to work in the face of component malfunction, natural disaster, or a software failure. The solution also addresses business continuity needs for disaster recovery when deployed in a geographically diverse configuration.”.
“But none of this matters if the FoIP call isn’t successfully delivered,” added Stephen Dorsey, CEO of babyTEL.  “We deliver call-completion rates exceeding that of comparable services over legacy networks, and we do it using industry-standard T.38 real-time fax over the Internet.”
About babyTEL
Headquartered in Montreal, and founded in 1991, babyTEL develops in-house, advanced telecommunication services for its VoIP “triple play” of voice, fax, and modem services over the Internet. babyTEL’s customized suite of services are delivered to residential and corporate customers in over 7,000 locations across the U.S. and Canada. babyTEL services include Cloud Business Phone, Home Phone, FoIP, and Electronic Fax and are offered through its agents and reseller partners in the U.S. and Canada. To meet challenging needs, babyTEL customizes and expands its Services using its own development resources. Our partners, end-users, and network-support teams benefit from the availability of in-house developers for effective and timely support.
About Commetrex
Founded in 1990, Commetrex Corporation provides industry-leading fax technologies to telecom-equipment OEMs and VoIP service providers. Commetrex has unrivaled expertise in fax-over-IP (FoIP) technology. Its FaxTap for SIP and the BladeWare™ telephony server with Smart FoIP® are moving FoIP reliability to a higher level. Commetrex is expanding its product line to offer the same technology excellence to the OEM developing voice-response and messaging systems with BladeWare Studio and BladeWare VXi. For more information on Commetrex, visit commetrex.com.
About Copia International
Founded in 1987, Copia International is an innovator in the communications solutions software market.  Daily, thousands of customers worldwide use CopiaFacts software suite of FaxFacts, VoiceFacts and E-MailFacts to send and receive information by fax, voice, or e-mail.  Copia holds the patents for its one-call fax-retrieval and mail-merge-to-fax technology.  www.copia.com 

            ###
Commetrex Contact
Marilyn Troup
Director, Marketing Communications
Commetrex Corporation
Direct: 770-407-6032
Fax: 770-242-7353

babyTEL Contact
Dana Salman
Marketing Manager
babyTEL
Direct: 514-448-4084
Fax: 514-879-8586

Copia International, Ltd. Contact
Dorothy Flanagan
VP of Marketing
Copia International, Ltd.
Direct: 800-516-5189
Fax: 641-741-6032
Email: dorothy@copia.com
Web: copia.com