EnterpriseDT Security Blog

Our business is information security, and so we blog on a variety of topics in this area. We often comment on the security aspects of current affairs, as well as providing technical discussion on cryptography and related areas such as privacy. We are particularly interested in secure protocols such as SSL/TLS and SSH. Our flagship product is CompleteFTP, a Windows server supporting FTPS, SFTP, SCP and HTTPS, all of which are reliant on SSH and SSL/TLS.

28 04, 2016

SWIFT bank transfer network hacked

The SWIFT bank transfer network has been hacked.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian co-operative owned by 3,000 financial institutions. SWIFT is a secure network for sending financial transactions between these institutions. It’s how international bank transfers are made.

SWIFT doesn’t actually send money – it sends messages that instruct payments to be made between institutions. Banks have agreements with certain other banks in the network, and so when […]

22 04, 2016

Short URLs expose cloud security holes

Cloud security

We’ve discussed some of the issues associated with cloud security previously. Many companies store confidential documents in the cloud, often unknown to companies themselves. Individuals simply use cloud-based services for collaboration because they are convenient.

Recently, a new security issue for cloud-based services has been flagged, this time to do with short URLs.

What are short URLs?

Short URLs can be extremely useful for sharing links, especially on mediums like Twitter that have a limited number […]

19 04, 2016

Vendor trust and the Internet of Things

We recently discussed the potential security and privacy issues surrounding the Internet of Things (IoT)  – the rapidly growing network of “smart” devices we use that are connected via the Internet. Unfortunately, security and privacy are not necessarily high priorities for many technology companies. They are in a race to develop features that will establish their products over those of their competitors.

But this aren’t the only issues with the IoT. There are also the issues […]

16 04, 2016

Encryption debate rolls on

The San Bernardino court case may be over, but the encryption debate is still very much alive.

On Tuesday, representatives from both Apple and the FBI will be testifying before Congress to the Energy and Commerce Committee hearing entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”.

This is only days after the absurd Compliance with Court Orders draft legislation was leaked, which mandates that companies decrypt customer data on request.

It is also soon after […]

12 04, 2016

Draft US senate encryption bill leaked

A draft of the US senate encryption bill has been leaked, and it makes for unpleasant reading. It’s called the Compliance with Court Orders Act of 2016.

The draft mandates that a company, when presented with a court order,  must provide technical assistance to decrypt data that its products have encrypted. Even a software distributor is subject to these requirements.

This is a ludicrous bill that is difficult to take seriously. It essentially bans end-to-end encryption, including […]

7 04, 2016

WhatsApp is now fully encrypted

Facebook has aggressively thrown down the gauntlet in the wake of the Apple vs FBI controversy. WhatsApp was acquired by Facebook a couple of years ago, and they have just announced that their messenger application is now fully encrypted, end-to-end. What’s more, encryption is on by default all the time. Every single message, photo, video, or voice call sent via WhatsApp can only be decrypted by the recipient.

The WhatsApp security protocol is detailed here. It’s known […]