Announcements

OpenSSL security audit

OpenSSL is to undergo a comprehensive security audit by NCC Group.

OpenSSL is one of the most widely deployed software libraries in the world, and is a critical part of the Internet’s security infrastructure. It is an open source implementation of the Secure Sockets Layer (SSL 2/3) and Transport Layer Security (TLS), and is used […]

By |March 14th, 2015|Announcements, Blogs|Comments Off on OpenSSL security audit

Phasing out SHA-1

Hash algorithms such as MD5 and SHA-1 are important mathematical functions used widely in software, particularly in secure protocols such as SSL/TLS and SSH.

These functions are supplied a block of data, known as the message, and produce a much smaller hash value, known as the message digest or simply the digest. The same message will always result in the […]

By |February 12th, 2015|Announcements, CompleteFTP|Comments Off on Phasing out SHA-1

The CompleteFTP roadmap for 2015

CompleteFTP, our secure FTP server for Windows, has quite a long development history, and has undergone considerable change since its inception. HTTP support, clustering, a multi-protocol gateway, file sharing and custom extensions are just some of the key features added in the last few years.

But what of the future? What can CompleteFTP users expect from 2015?

Last year we […]

By |January 21st, 2015|Announcements, CompleteFTP|Comments Off on The CompleteFTP roadmap for 2015

CompleteFTP wins SFTP server recommendation from users

Survey reveals that more than 4 out of 5 CompleteFTP users would recommend it to others in need of secure FTP server software. CompleteFTP is SFTP server software trusted by thousands of organisations worldwide to securely transfer files and automate business processes every day. In research conducted early in 2014, customers rated a powerful feature-set, […]

By |November 4th, 2014|Announcements|Comments Off on CompleteFTP wins SFTP server recommendation from users

The POODLE SSL vulnerability resolved

By now most people will have heard of the POODLE SSL vulnerability, a flaw in the SSL 3.0 protocol that affects FTPS and HTTPS. We’ve recently blogged about POODLE in some detail. We’ve spent the last couple of weeks updating our products to deal with POODLE, and can today say that the latest versions […]

By |November 4th, 2014|Announcements, Blogs|Comments Off on The POODLE SSL vulnerability resolved

POODLE SSL Vulnerability addressed in CompleteFTP 8.1.3

We recently posted about the POODLE vulnerability, a flaw in the SSL 3.0 protocol that affects FTPS and HTTPS. This has now been addressed in the release of CompleteFTP 8.1.3, which disables SSL 3.0 by default. SSL 3 is superceded by TLS, and over 99% of clients should support TLS 1.0 or higher. Users […]

By |October 23rd, 2014|Announcements, Blogs|Comments Off on POODLE SSL Vulnerability addressed in CompleteFTP 8.1.3

POODLE, SSL and EnterpriseDT software

Security researchers at Google recently discovered the POODLE SSL vulnerability, a security flaw in an older version of the SSL/TLS protocol, SSL 3.0.
Important facts about POODLE

SFTP, SCP and SSH are not vulnerable to POODLE attacks – only FTPS and HTTPS are vulnerable as they use SSL/TLS.
POODLE affects the SSL3 protocol. SSL3 is an older member of […]

By |October 17th, 2014|Announcements|Comments Off on POODLE, SSL and EnterpriseDT software

7 million DropBox passwords stolen – corporate data at risk

7 million DropBox passwords have been stolen (read more). A friend who works at a well-known Australian company has told us that IT admins are warning staff to immediately change their DropBox passwords. Despite company policy stating that company files must not be stored on external computers, staff of this company have found DropBox […]

By |October 14th, 2014|Announcements|Comments Off on 7 million DropBox passwords stolen – corporate data at risk

Microsoft no longer recommends “FIPS mode”

Microsoft no longer recommends using “FIPS mode” on their operating systems.

FIPS is the United States Federal Information Processing Standard , which defines the cryptographic algorithms approved for use by US Federal government computer systems.

Enabling FIPS mode in Windows enforces the use of only FIPS-validated cryptographic algorithms. 

Why doesn’t Microsoft recommending using FIPS mode any more? There’s multiple reasons, […]

By |October 11th, 2014|Announcements, Blogs|Comments Off on Microsoft no longer recommends “FIPS mode”

Shellshock, the bash bug, bashdoor

Shellshock is the latest security bug to grab the media’s attention. It’s a security flaw in the popular bash shell, which is an open source Unix shell. A shell is a command-line interpreter, similar to the Windows command prompt – commands are typed into the shell and executed by it.

The bug causes bash to unintentionally execute commands […]

By |October 1st, 2014|Announcements, Blogs|Comments Off on Shellshock, the bash bug, bashdoor