News


SSLv3 POODLE Vulnerability

Another month and another security vulnerability has hit the Internet. This time the vulnerability in question is SSLv3 POODLE, which could allow attackers to downgrade an encrypted communication with a web server and steal information such as cookies.

The recommended action to protect against any possible threat is that server owners should disable all communication using the old and dated SSLv3 protocol, and that users should ensure they are on the latest version of their preferred browser or turn off SSLv3 protocol in the options.

We have already performed an analysis of our infrastructure and like many other companies running secure servers on the Internet, we have now disabled any communication using SSLv3. All secure communication will now require the use of the TLS protocol.

What does this mean to you the user? 
Well, as long as you have a modern browser, not a lot. Websites all over the world will be gradually switching off support for SSLv3 and insisting on TLS. This will mean that any old browsers will no longer be able to use those websites. 

How old does a browser need to be for it to be affected? 
If you are still running Internet Explorer 6, or you have Windows XP without Service Pack 3, you will be affected as there is no support for TLS. However, considering the number of security vulnerabilities found in these versions, and the number of notices asking users to move away from these versions, this should not affect many users.

What other issues will I encounter because of this change? 
A side issue is that because many website administrators will be turning off SSLv3, they will now be insisting on a version of TLS, and we are starting to hear from some Product Providers that they will be insisting on the very latest version, TLS v1.2.
This version is supported in most browsers, but only enabled by default in the latest. For example, you would need Internet Explorer 11 on Windows 7 or Windows 8.1, for it to be turned on by default. Anything older will not be turned on, and your connection with the provider will be denied.
This will affect all connections to Provider extranets and many real time valuations.

What happens now? 
So, even though the main responsibility of this vulnerability falls on server administrators to turn off SSLv3, many users of secure sites will now need to ensure that they are on the latest version of browsers, possibly turn on TLS support, and maybe even turn off support for SSLv3.

The site below will guide you through turning off support for SSLv3 from within your specific browser. While you are in the options page, you should be able to see how to enable TLS 1.0 through TLS 1.2 as well.

  Disabling SSLv3 Support in Browsers 

As always, we encourage you to seek similar assurances from other services that you use, specifically any financial services, product providers etc that you rely on and any cloud based backup or hosted services you may be using.

If you have any questions, please feel free to contact our technical support at  This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 

Shellshock Vulnerability

 

This week the world was informed of another wide scale vulnerability in Linux and embedded systems. The vulnerability could allow a remote user to execute arbitrary commands on a compromised system, which could allow the attacker to reveal protected information.

This has received extensive coverage in the media, known officially as CVE-2014-6271, but reported informally as Shellshock. It is thought to potentially be more widespread than the recent Heartbleed vulnerability in OpenSSL software, as the bug has been around for almost 25 years. To find out more, please visit the following website Bash Shellshock-Vulnerabilty

Just to clarify, your installed JCS software is not affected by this issue, and in general, Windows based systems should not be affected, however we do use such systems within our infrastructure.

We immediately performed an analysis as to the extent of this issue and how it may affect our systems, and can let you know that even though many of our servers had the affected software installed, this vulnerability was already mitigated as the services that could allow the system to be compromised, had already been disabled at build time. This includes all of our front facing and infrastructure services.

Best practice has ensured that we have now already patched the affected servers, and even though we have performed our own testing on our third party suppliers, such as the commission mailbox service, we will be seeking assurances from them over the coming days that they have patched their systems as well.

We encourage you to seek similar assurances from other services that you use, specifically any financial services, product providers etc that you rely on and any cloud based backup or hosted services you may be using.

If you have any questions, please feel free to contact our technical support at  This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

RMAR Reporting with JCS

 

JCS' latest software release contains updates to the RMAR (GABRIEL) Adviser Charges schedule to further enhance reporting under the new FCA standards. This subject has been one of much debate and confusion, but completing your RMAR Reporting is now made easier with JCS Adviser Software Suites.

Should any existing clients require any assistance, please do not hesitate to contact the Tech Support team on 08450 049 599 opt 1. Whilst JCS cannot complete these reports on your behalf, we can offer guidance and assistance on how best to complete the submission.

For information about moving to JCS Adviser Software
Please call 
08450 049 599 opt 6

 

New Contract Enquiry Integration

The JCS Contract Enquiry service now enables you to perform Bulk Valuations with Novia.  Although this service is primarily a Bulk Valuation Download service, it has been implemented in JCS to enable users to also perform single policy RTV.

For registration and user guidelines click here

 

 


 

JCS User Forums

The JCS Forum enables you to discuss important issues, make feature requests, share your thoughts and vote on how useful you found each post. This is part of our initiative to increase communication with our customers and to better understand the needs of their business.

You can find the User Forums from within your JCS Software (Help Menu) or by clicking on the Support menu option from this website, alternatively click here!

Go

 


VAT FREE, How do we do that?

VAT FREE

From Tuesday, 04 January 2011 VAT increased from 17.5% to 20%. You would expect our monthly subscriptions to have been affected by this increase, but as existing JCS customers will tell you, JCS do not charge VAT and haven't done so for some years. "How are you able to do this?", you may ask. Since 2005 JCS Head Office has been situated in Guernsey in the Channel Islands, so we are able to take advantage of the UK's VAT Reverse Charge Scheme that means there is no VAT on our invoices for software subscriptions.

Call on: 08450 049 599

 



Demonstrations

If you would like a demonstration  please call on 08450 049 599 option 6 to arrange a suitable time. A member of our professional Technical Support Team will call you back. You will be able to see their screen on your screen and they will be able to deliver a LIVE online demonstration of Adviser Essential, Adviser Professional & Adviser Lifestyle, which will be tailored to your needs on-the-fly, in response to any questions you may have!

 


FREE Online Training

FREE Training

Up to 3 hours FREE Online Training per customer is now available when you subscribe to Adviser Essential or Adviser Lifestyle!

Adviser Essential provides comprehensive administration with powerful financial planning that is seamlessly integrated with Adviser Lifestyle our ground breaking next generation cashflow modelling tool that offers so much more than the 'lifetime only' cashflow modelling products available on the market.

Read More >>

 

 

 



 

 

Last Updated on Thursday, 16 October 2014 13:16