23 10, 2014

Addressing the POODLE vulnerability

We recently posted about the POODLE vulnerability, a flaw in the SSL 3.0 protocol that affects FTPS and HTTPS.

This has now been addressed in the release of CompleteFTP 8.1.3, which disables SSL 3.0 by default. SSL 3.0 is superseded by TLS, and over 99% of clients should support TLS 1.0 or higher. Users should upgrade as soon as possible by uninstalling and reinstalling using the latest production installer, available now.

It is […]

20 10, 2014

SFTP Public Key Authentication

One of the questions we at EnterpriseDT are most often asked is how to get SFTP Public Key Authentication to work.

In this article, I’ll run through our step-by-step instructions for getting SFTP up and running in your environment, along with an explanation of the main terms.

SFTP Set-up – Basic Instructions

  1. [Client-side] Generate a public/private key-pair
  2. [Client-side] Add private key to client software
  3. [Server-side] Add public key to user’s account
  4. [Client-side] Connect to server
  5. [Client-side] Smile (or not)

SFTP Set-up – Detailed Instructions

  1. [Client-side] […]

17 10, 2014

The POODLE vulnerability and EnterpriseDT software

Security researchers at Google recently discovered the POODLE vulnerability, a security flaw in an older version of the SSL/TLS protocol, SSL 3.0.

Important facts about POODLE

  • SFTP, SCP and SSH are not vulnerable to POODLE attacks – only FTPS and HTTPS are vulnerable as they use SSL/TLS.
  • POODLE affects the SSL3 protocol. SSL3 is an older member of the SSL/TLS family of protocols, which was succeeded by 

How to FTP through a firewall

Firewalls present challenges for users of FTP and (particularly) FTPS. The root cause of the problem is that a single session using these protocols requires more than one socket connection. A new socket connection is made for every directory listing and for every file transfer. Each of these additional socket connections must be made on a different port, so even though the main FTP connection (called the ‘control channel’) may have made […]

14 10, 2014

7 million DropBox passwords stolen – corporate data at risk

7 million DropBox passwords have been stolen (read more). A friend who works at a well-known Australian company has told us that IT admins are warning staff to immediately change their DropBox passwords. Despite company policy stating that company files must not be stored on external computers, staff of this company have found DropBox file-sharing so compelling that they’re using it anyway.

End-users are hungry for DropBox-like file-sharing and companies […]