bruce

About Bruce Blackshaw

Bruce has been writing software professionally for almost 25 years, and has worked in a number of industries, including commercial software development and investment banking. He has wide experience in encryption, security, and network protocols such as SSL/TLS, SSH, SFTP and FTPS. Bruce currently works on developing CompleteFTP.

LinkedIn hack and password encryption

You might remember the LinkedIn hack of 2012. Their password encryption was extremely poor, and it was easy for anyone who obtained the leaked password files to retrieve the original passwords. At the time it was announced that 6.5 million accounts had been compromised.

Password hashing
Actually, passwords are rarely encrypted (which implies they can be decrypted) – instead […]

By |May 26th, 2016|Announcements, Blogs|Comments Off on LinkedIn hack and password encryption

Major advance in random number generation

An advance in random number generation? Who cares? What’s so important about improving the way we generate random numbers, and how does this tie in with security?
What are random numbers?
Random numbers are numbers that are completely unpredictable, and they are of paramount importance in cryptography.  Most cryptographic algorithms depend in some way on random numbers, usually […]

By |May 20th, 2016|Announcements, Blogs|Comments Off on Major advance in random number generation

Another SWIFT hack

We recently reported that the SWIFT financial network for international bank transfers was compromised. Now there has now been another SWIFT hack.

SWIFT representatives, the New York Fed and Bangladesh Bank (which was the source of the hack) recently met in Basel, Switzerland to discuss the initial cyber fraud. There has been accusations on both sides about […]

By |May 13th, 2016|Announcements, Blogs|Comments Off on Another SWIFT hack

Vehicle hacking is here

You might remember the infamous Jeep hack last year, in 2015. In a scary demonstration, Charlie Miller and Chris Valasek demonstrated their ability to remotely control almost everything, including steering and braking. They could even kill the Jeep’s engine. The hack was done 10 miles from the car – and could have been performed from up […]

By |May 7th, 2016|Blogs, Discussion|Comments Off on Vehicle hacking is here

SWIFT bank transfer network hacked

The SWIFT bank transfer network has been hacked.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian co-operative owned by 3,000 financial institutions. SWIFT is a secure network for sending financial transactions between these institutions. It’s how international bank transfers are made.

SWIFT doesn’t actually send money – it sends messages that instruct payments […]

By |April 28th, 2016|Announcements, Blogs|Comments Off on SWIFT bank transfer network hacked

Short URLs expose cloud security holes

Cloud security
We’ve discussed some of the issues associated with cloud security previously. Many companies store confidential documents in the cloud, often unknown to companies themselves. Individuals simply use cloud-based services for collaboration because they are convenient.

Recently, a new security issue for cloud-based services has been flagged, this time to do with short URLs.
What are […]

By |April 22nd, 2016|Blogs, Discussion|Comments Off on Short URLs expose cloud security holes

Vendor trust and the Internet of Things

We recently discussed the potential security and privacy issues surrounding the Internet of Things (IoT)  – the rapidly growing network of “smart” devices we use that are connected via the Internet. Unfortunately, security and privacy are not necessarily high priorities for many technology companies. They are in a race to develop features that will establish their […]

By |April 19th, 2016|Blogs, Discussion|Comments Off on Vendor trust and the Internet of Things

Encryption debate rolls on

The San Bernardino court case may be over, but the encryption debate is still very much alive.

On Tuesday, representatives from both Apple and the FBI will be testifying before Congress to the Energy and Commerce Committee hearing entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”.

This is only days after the absurd Compliance with Court […]

By |April 16th, 2016|Announcements, Blogs|Comments Off on Encryption debate rolls on

Draft US senate encryption bill leaked

A draft of the US senate encryption bill has been leaked, and it makes for unpleasant reading. It’s called the Compliance with Court Orders Act of 2016.

The draft mandates that a company, when presented with a court order,  must provide technical assistance to decrypt data that its products have encrypted. Even a software distributor is subject […]

By |April 12th, 2016|Announcements, Blogs|Comments Off on Draft US senate encryption bill leaked

WhatsApp is now fully encrypted

Facebook has aggressively thrown down the gauntlet in the wake of the Apple vs FBI controversy. WhatsApp was acquired by Facebook a couple of years ago, and they have just announced that their messenger application is now fully encrypted, end-to-end. What’s more, encryption is on by default all the time. Every single message, photo, video, or voice […]

By |April 7th, 2016|Announcements, Blogs|Comments Off on WhatsApp is now fully encrypted