EnterpriseDT Security Blog

Our business is information security, and so we blog on a variety of topics in this area. We often comment on the security aspects of current affairs, as well as providing technical discussion on cryptography and related areas such as privacy. We are particularly interested in secure protocols such as SSL/TLS and SSH. Our flagship product is CompleteFTP, a Windows server supporting FTPS, SFTP, SCP and HTTPS, all of which are reliant on SSH and SSL/TLS.

25 11, 2015

Global tech giants back encryption

FBI director James B. Comey has for some time been a critic of encryption technologies, arguing that challenges for his agency are growing as groups they are monitoring “go dark” – a euphemism meaning they have begun encrypting their communications.

After the terrorist attacks in Paris, these objections have multiplied, despite evidence emerging that unencrypted SMS text messages were used to plan the attacks. Usually, critics of encryption are lobbying for government-mandated “back doors” into encrypted systems that will […]

17 11, 2015

The UK’s draft Investigatory Powers Bill

The United Kingdom’s draft Investigatory Powers Bill is looking draconian. George Danezis from University College London has an excellent blog post detailing the most serious implications of the bill, particularly its gagging orders against disclosure of state surveillance.

Of particular interest on this blog is Section 190(8) and its references to “technical capability notices”. These are obligations imposed on telcos “relating to the removal of electronic protection applied by a relevant operator to any communications or data”. A more colloquial […]

9 11, 2015

A safe harbour no longer

The United States is no longer regarded as a “safe harbour” for EU data – and that’s big (and welcome) news for Europeans.

In 1995, the European Union adopted the Data Protection Directive, which regulates how personal data is handled in the EU. As with all EU directives, each member state enacted its own legislation to implement the directive.

An important consequence is that companies are not permitted to send personal data outside the European Economic Area […]

30 10, 2015

RC4: your time is up

RC4 is a widely used stream cipher – an encryption algorithm – designed by Ron Rivest in 1987 for RSA Security (now a division of EMC). In 1994 the source code for RC4 was leaked on the Internet, and it quickly became popular because of its simplicity and speed. Because “RC4” is trademarked, for many years implementations went under names such as ARCFOUR and ARC4.

RC4 has been widely used, both in WEP and WPA […]

24 10, 2015

TalkTalk hack

Details of a damaging hack of British phone and broadband provider TalkTalk’s customer database are emerging. Apparently, the credit card, bank details and account information of all of its 4 million customers have been stolen, leaving them wide open to fraud. TalkTalk has even received a ransom demand!

What’s worse is the suggestion that these details were not encrypted, which, if true, is a massive security blunder on TalkTalk’s part. If they were encrypted, […]

16 10, 2015

Privacy: nothing to hide, still something to fear

Our previous post explained that the “nothing to hide, nothing to fear” argument is based on a narrow view of privacy that assumes it is primarily about concealing our wrongs.

The argument says we shouldn’t be overly concerned about government surveillance programs, because the potential benefits of thwarting terrorist attacks far outweigh any minor sacrifices involving our privacy. And as law-abiding citizens, we have nothing to hide anyway.

But privacy has a much broader and complex […]