EnterpriseDT Security Blog

Our business is information security, and so we blog on a variety of topics in this area. We often comment on the security aspects of current affairs, as well as providing technical discussion on cryptography and related areas such as privacy. We are particularly interested in secure protocols such as SSL/TLS and SSH. Our flagship product is CompleteFTP, a Windows server supporting FTPS, SFTP, SCP and HTTPS, all of which are reliant on SSH and SSL/TLS.

26 05, 2016

LinkedIn hack and password encryption

You might remember the LinkedIn hack of 2012. Their password encryption was extremely poor, and it was easy for anyone who obtained the leaked password files to retrieve the original passwords. At the time it was announced that 6.5 million accounts had been compromised.

Password hashing

Actually, passwords are rarely encrypted (which implies they can be decrypted) – instead they are passed to a one-way mathematical function called a hash […]

20 05, 2016

Major advance in random number generation

An advance in random number generation? Who cares? What’s so important about improving the way we generate random numbers, and how does this tie in with security?

What are random numbers?

Random numbers are numbers that are completely unpredictable, and they are of paramount importance in cryptography. Most cryptographic algorithms depend in some way on random numbers, usually for generating passwords and cryptographic keys.

Unfortunately, it is extraordinarily difficult to generate sequences of numbers that are even close to being […]

13 05, 2016

Another SWIFT hack

We recently reported that the SWIFT financial network for international bank transfers was compromised. Now there has been another SWIFT hack.

SWIFT representatives, the New York Fed and Bangladesh Bank (which was the source of the hack) recently met in Basel, Switzerland to discuss the initial cyber fraud. There have been accusations on both sides about the cause of the attack. SWIFT has firmly placed blame on the Bangladesh Bank for security lapses in […]

7 05, 2016

Vehicle hacking is here

You might remember the infamous Jeep hack last year, in 2015. In a scary demonstration, Charlie Miller and Chris Valasek showed their ability to remotely control almost everything, including steering and braking. They could even kill the Jeep’s engine. The hack was done 10 miles from the car – and could have been performed from up to 70 miles away!

Their technical whitepaper gives the details. They actually found a few ways to hack into […]

28 04, 2016

SWIFT bank transfer network hacked

The SWIFT bank transfer network has been hacked.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian co-operative owned by 3,000 financial institutions. SWIFT is a secure network for sending financial transactions between these institutions. It’s how international bank transfers are made.

SWIFT doesn’t actually send money – it sends messages that instruct payments to be made between institutions. Banks have agreements with certain other banks in the network, and so when […]

22 04, 2016

Short URLs expose cloud security holes

Cloud security

We’ve discussed some of the issues associated with cloud security previously. Many companies store confidential documents in the cloud, often unknown to the companies themselves. Individuals simply use cloud-based services for collaboration because they are convenient.

Recently, a new security issue for cloud-based services has been flagged, this time to do with short URLs.

What are short URLs?

Short URLs can be extremely useful for sharing links, especially on mediums like Twitter that have a limited number […]