EnterpriseDT Blogs

“Heartbleed” - a catastrophe

April 10th, 2014

According to Bruce Schneier, the “Heartbleed” OpenSSL bug is a catastrophic one.

Attackers can access all of a server’s memory, including user names, passwords, private keys - anything at all.

It’s probably safer not to use Internet banking and other services that rely on SSL to secure HTTP sessions for the time being, until your financial institution’s encryption libraries have been confirmed to be patched.

Fortunately, none of our products use OpenSSL, and so CompleteFTP, edtFTPj/PRO and edtFTPnet/PRO are not affected by “Heartbleed”.

CompleteBox adds private file storage

March 17th, 2014

CompleteFTP 8.1.0 has recently been released, and includes CompleteBox 1.1, which has some neat new features.

CompleteBox is a file sharing client that integrates with CompleteFTP. The most important of the new features is private storage. As well as sharing files publicly, users can now use CompleteBox to store their own files and retrieve them later - even on a different machine. This means you can store files at one location (e.g. work) and synchronize them at home. It’s also useful as a backup for important files. More details here.

Other useful changes in 8.1 include a single PDF containing the User Guide, and search added to the HTML User Guide.

People who use the CompleteFTP manager regularly will be pleased with the addition of the Undo button for changes. We like it!

Finally, SFTP admins may like the ability to set authentication methods at the user level (Enterprise Edition), and the multi-protocol gateway now supports SFTP public key authentication.

Acoustic Cryptanalysis

January 31st, 2014

This is amazing and scary - computers often emit high pitched sounds, and these sounds can actually leak security-sensitive details about what your computer is doing.

In particular, RSA decryption keys can be deduced from these sounds within an hour! This can be done via a mobile phone next to the computer.

More details here.

CompleteFTP file-sharing

December 11th, 2013

With the release of CompleteFTP 8.0 recently, collaborative file-sharing has been added to CompleteFTP’s many capabilities (in the Professional and Enterprise editions).

CompleteFTP now ships with a file-sharing client called CompleteBox. A user account must be set up on the CompleteFTP server, and the CompleteBox client installed on the user’s local machine. The user enters their credentials, and they can now share their local files by either right-clicking on a file and selecting the “Share with CompleteBox” menu item, or by explicitly selecting a file from the CompleteBox client.

The selected file is uploaded to the CompleteFTP server and a unique URL for the file is generated. The user can then email or send the URL to anyone for downloading.

By default, one user license ships with CompleteFTP, and further user licenses can be purchased. More details can be found here.

Port forwarding feature added

October 9th, 2013

From version 7.4.0, CompleteFTP (Professional and Enterprise Editions only) supports local SSH port forwarding (often known as SSH tunneling). This means SSH tunnels can be established between a client machine and CompleteFTP that other protocols can use.

Why would you use SSH port forwarding (also called SSH tunneling)? There are two reasons - firewalls and security.

Consider the scenario where an employee using a laptop outside the corporate network wants to give a demonstration to a customer using a machine within the corporate network. Perhaps they want to use RDP (the Remote Desktop Protocol) and it has not been set up in secure mode. In this scenario a CompleteFTP server is also within the corporate firewall.

Firewalls

By default, RDP uses port 3389, but say for security reasons the corporate firewall does not permit external connections to this port number. If SSH port forwarding is used, all RDP traffic is transmitted over port 22 (the standard SSH port). There is no need to open the RDP port in the firewall.

Security

What’s more, the RDP protocol is transmitted securely over the SSH tunnel. So unsecure protocols can be safely used via SSH tunnels. The only unsecure portion of the route is between CompleteFTP and the destination machine (the RDP machine), and both of these machines are inside the corporate firewall.

Setting up tunneling

How is port forwarding set up? For security reasons, it is disabled by default in CompleteFTP. It must be enabled both for the site and individual users. To enable port forwarding for the site, the Site tab in the CompleteFTP manager must be opened, and SSH Port Forwarding flag enabled, which is under the SFTP/SSH settings section. The users who require port forwarding must also have this option enabled, which is done in the User panel by selecting the user.

On the client side, the tunnel must be set up by an SSH utility such as PuTTY. When PuTTY sets up a local port forward, it listens on the client for connections on the local port specified. When a connection on the client is made to this local port on the local machine, the SSH tunnel is established with CompleteFTP. All the data on this local connection is sent through the tunnel to CompleteFTP, which forwards it to the ultimate destination (set by PuTTY).

The NSA’s crypto “breakthrough”

September 3rd, 2013

An interesting article on people’s guesses about what the NSA is capable of, in the Economist, here.

CompleteFTP 8.0 to be released in Q4

August 21st, 2013

CompleteFTP 8.0 will be released in Q4. It has some exciting new features.

Our DropBox-like client is in beta, and will be part of 8.0. For the first release, functionality is fairly simple but still very useful - the client is a Windows tray app that allows you to select any file to share. The selected file is uploaded via a secure connection, and a unique URL is generated that can be emailed (or messaged) to share that file with others. The URL expires after a pre-set time (or if it is unshared). So basically it allows you to securely share files around the enterprise without relying on a cloud server that the US government is snooping on :)

The other major new feature is JSS, which stands for Javascript Server-Side. This means Javascript (normally only served up for execution in the browser) can be executed on the server, and the results served to the browser.

This opens up server-side development to Javascript developers who previously were confined to working in the browser. It helps leverage their skills much further. JSS is ECMAScript 3 compliant, so nearly all Javascript syntax in common use is supported.

CompleteFTP and ZIP files

November 26th, 2012

CompleteFTP 7.1.0 has just been released with a handy new feature - remote ZIP files can be displayed as folders, and browsed just like any other folder. Even better, individual files within the ZIP file can be downloaded separately. So instead of downloading a gigantic ZIP file, only the file that is actually required need be downloaded - potentially saving a lot of time and bandwidth.

Other enhancements for 7.1 include a key generator for users, and customized listings for HTML directories.

Independent reviews of EDT software

October 29th, 2012

Our software is listed in many software directories around the web.  We are often asked for backlinks from these directories, but usually don’t respond since these requests usually come from bots.  Occasionally, however, the amount of effort that’s gone into a directory-listing is so high that we feel compelled to link back.  We will be listing such reviews here:

CompleteFTP 7.0 released!!

September 21st, 2012

We are very pleased to announce that CompleteFTP 7.0 has been released!

The major new feature in 7.0 is support for clustering of multiple servers across different machines.

A single instance of CompleteFTP Manager can control multiple servers in a cluster. The servers in the cluster may be configured identically (useful for failover and load-balancing) or may be different. Configuration changes on what is known as the primary server will be instantly propagated to all the secondary servers in the cluster.

A set of servers that has been configured in a cluster may be used for load-balancing and failover (which is normally implemented via dedicated software or hardware). Note that currently server filesystems are not replicated.

A less spectacular but very useful feature also added in 7.0 is the ability to add new non-Windows users from the SSH command line, or via an SSH script.

A trial download and more details can be obtained at this link.