9 10, 2015

SHA-1 now broken

SHA-1 is a hash algorithm that has been widely used in cryptography. Hash algorithms are mathematical functions that take a block of data of arbitrary size (called the message) as input, and produce a fixed-length output (the message digest, often called the digest or the hash). Two important uses are in the creation of digital certificates and in verifying the integrity of data.

The key feature of hash algorithms that is important in cryptography […]

3 10, 2015

Software testing lessons from VW

In our last post, we discussed how VW managed to manipulate their vehicle emissions so they could pass the EPA standards, even though in normal use they emitted up to 40 times what was legally permitted. The fallout is continuing, and estimates for the total cost to VW are nearing $100 billion, according to Credit Suisse’s worst case scenario. Apart from huge fines, VW will have to compensate 11 million owners for the […]

26 09, 2015

How did VW trick the EPA?

Over the last week we’ve learnt that VW perpetrated a massive fraud on the US Environmental Protection Agency, and on other government agencies world-wide.

It seems that 11 million VW diesel vehicles are emitting fumes that are up to 40 times more toxic than is permitted!

What’s so bad about diesel emissions? Two things – they contain fine particles which can cause a variety of health problems, and they contain nitrogen oxides (NOx) which are also harmful (and combine […]

23 09, 2015

The dangers of cloud storage part 2

A year ago, we wrote a blog post on the dangers of cloud storage, primarily focusing on privacy issues. This post was motivated by the publicity associated with leaked celebrity photos, and pointed out that cloud storage of confidential corporate data can be very risky. The risks are heightened if your data is stored in a geographical location that may have an entirely different legal framework for privacy of data.

The recent Amazon AWS outage offers […]

11 09, 2015

How does FTPS compare to SFTP?

Previous posts have explained how FTPS and SFTP work. Essentially, both protocols achieve exactly the same thing – secure file transfer and secure, remote manipulation of file-systems.

They are, however, completely different protocols, and people implementing a secure file transfer solution will need to decide which protocol to use.

Existing usage is naturally an important consideration. If SFTP and/or SSH is already used in other areas of an organization, it is prudent to use SFTP. Existing […]

13 08, 2015

How does SSL/TLS work – part five – FTPS

An earlier group of posts in this series covered the SSL/TLS protocol in detail. They neglected, however, to mention one of the most common uses of SSL/TLS – to implement a secure form of file transfer known as FTPS.

Traditional FTP as defined in RFC 959 makes no mention of security. This is understandable as it was written in 1985 and based on even older RFCs. This was when universities and the military were the primary users of the […]