Exfiltration: Definition, Security Risk and Prevention

Exfiltration is an unauthorized file transfer (or other bulk data transfer) that breaches security by giving malicious parties outside a security perimeter access to confidential information. As was the case with the infamous Target credit card breach, exfiltration is often the final step in a broader scheme to gather sensitive […]

Managed File Transfer and Heartbleed (Also FTP Servers)

The Heartbleed vulnerability in OpenSSL affects many managed file transfer, secure file transfer, FTP server and FTP client technologies. File Transfer Consulting has compiled a list of vendor and project statements about Heartbleed remediation here. (Long story short, the “Heartbleed” vulnerability lets an unauthenticated remote client read chunks of a target server’s process memory. That memory often contains […]

Is My Managed File Transfer Software Secure?

In a recent LinkedIn thread, Steve Thompson of Humana suggested that managed file transfer (MFT) vendors whose applications were cracked and used in a cyber attack would need to have “serious talks with their insurance carrier(s).”  Unfortunately, it may be easier to hack a managed file transfer application than you might think. Let’s pick on […]

Could Managed File Transfer Have Prevented the Target Credit Card Breach?

December’s Target credit card breach attracted my attention because it used FTP to send files from an “exfiltration” server inside Target’s network to the criminals. Could managed file transfer (MFT) have prevented the attackers from exfiltrating Target’s sensitive data? The Target Hack Depended on File Transfer The Target attack was complex and required both skill […]

Managing SFTP Keys for Automated Access

Is the New IETF Draft a Best Practice or Shameless Plug? When does an IETF draft read like a vendor’s white paper? When it’s the new “Managing SSH Keys for Automated Access” document by SSH Communications Security’s Tatu Ylonen. The Case for “Shameless Plug” SSH Communications Security’s venerable Tectia SSH solution is mentioned by name 6 times […]

Secure Coding: How to Avoid Accellion’s Password Reset Vulnerability

In a previous article I looked at a bug in Accellion’s code that allowed users to hijack other users’ accounts by resetting their passwords. (The bug was found and fixed in March 2012.) This article digs into the design flaw that led to the bug and how you can avoid the same error […]
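The excerpt above does not say which parameter an authenticated user could abuse, so the example below (added here, not Accellion’s code) assumes the most common shape of this class of bug: a change-password request that names its target account with a client-supplied identifier the server trusts. It shows that handler beside a hardened one that takes the target account only from the authenticated session and re-checks the current password. The user store, account names and parameter names are all constructed for illustration.

```python
"""Change-password handlers that differ only in where the target account comes from.

Added example, not Accellion's code. The page does not say exactly what an
authenticated user could pass to the reset endpoint; this ASSUMES the common
form of the bug, in which the request names its target account with a
client-supplied identifier that the server trusts.
"""
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the demo self-contained; bcrypt/scrypt/argon2 are preferable in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_store() -> dict:
    """Constructed in-memory user store: account name -> {salt, hash}."""
    store = {}
    for name, pw in (("alice", "alice-pw"), ("bob", "bob-pw")):
        salt = os.urandom(16)
        store[name] = {"salt": salt, "hash": _hash_password(pw, salt)}
    return store


def verify_password(store: dict, user: str, password: str) -> bool:
    rec = store.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def _set_password(store: dict, user: str, new_password: str) -> None:
    salt = os.urandom(16)
    store[user] = {"salt": salt, "hash": _hash_password(new_password, salt)}


# --- Vulnerable: target account taken from the request -------------------
def change_password_vulnerable(store: dict, session_user: str, params: dict) -> bool:
    """Any authenticated user can reset any account by naming it in params["user"].
    The server checks that *a* user is logged in but never that the caller owns
    the account being changed (an insecure direct object reference)."""
    if session_user not in store:
        return False
    target = params.get("user", session_user)   # attacker-controlled
    if target not in store:
        return False
    _set_password(store, target, params["new_password"])
    return True


# --- Hardened: target account taken from the authenticated session ---------
def change_password_hardened(store: dict, session_user: str, params: dict) -> bool:
    """The account to change is the session's own account; any "user" parameter
    in the request is ignored. Re-proving the current password stops a stolen or
    cross-site-forged session from setting a new one silently."""
    if session_user not in store:
        return False
    if not verify_password(store, session_user, params.get("current_password", "")):
        return False
    _set_password(store, session_user, params["new_password"])
    return True


if __name__ == "__main__":
    store = make_store()
    # Alice, logged in, aims the vulnerable endpoint at Bob's account.
    print(change_password_vulnerable(store, "alice", {"user": "bob", "new_password": "pwned"}))
    print(verify_password(store, "bob", "pwned"))          # Bob's account is hijacked
    store = make_store()
    # The same request against the hardened endpoint only ever touches Alice's account.
    print(change_password_hardened(store, "alice",
          {"user": "bob", "current_password": "alice-pw", "new_password": "new-alice"}))
    print(verify_password(store, "bob", "bob-pw"))         # Bob is untouched
```

The check a reviewer should make on any reset or change-password endpoint is the one the hardened version embodies: find the line that decides which account gets the new password, and confirm it is derived from server-side session state (or from a server-side binding of a reset token to an account), never from a request field.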

Accellion’s Password Vulnerability Gives Black Eye to Managed File Transfer

Yesterday Nir Goldshlager published an article and YouTube video (see below) showing how he was able to reset the passwords of other users on a high-profile Accellion system that was running at least eight months behind the current security patch. Essentially, he found that an old version of Accellion allowed any authenticated user to pass […]

Low and Slow Brute Force FTP Scanner

LowAndSlow is a free utility that attempts “low and slow” brute force sign-ons against a selected FTP server, FTPS server, or SFTP server. LowAndSlow works off a list of usernames and a list of passwords, and waits a configurable number of seconds between each attempt.  If the delay is set to 0 or 1, LowAndSlow […]

What does the SSL/TLS BEAST exploit mean for my web-based file transfer application?

Researchers have disclosed a serious vulnerability in TLS v1.0 and SSL v3.0 that allows an attacker who can observe traffic between a webserver and an end-user browser, and who can also get the browser to send chosen plaintext (for example via injected script), to decrypt that traffic without either side noticing. The attack, called “BEAST” (“Browser Exploit Against SSL/TLS”), targets session cookies and exploits the predictable initialization vectors these protocol versions use with block ciphers in CBC mode, such as AES and […]

How to Detect and Prevent “Low and Slow” Brute Force Attacks

Low and slow brute force attacks against FTP servers, SSH servers and WebDAV servers are already happening, so it’s important to learn how to detect and mitigate this increasing threat. “Rapid Fire” vs. “Low and Slow” We’ve all seen script kiddies fire up an SSH session and try 500 root passwords against a server in […]
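The LowAndSlow scanner described earlier waits a configurable number of seconds between attempts precisely so that a lockout or rate-limit rule tuned for “rapid fire” bursts never fires. The example below, added here and not the page’s own tool or detection logic, runs two sliding-window rules over constructed sshd-style failure lines: a short-window burst rule and a long-window rule whose window is wide enough to accumulate a scanner’s paced guesses. The log format (rsyslog ISO timestamps plus OpenSSH “Failed password” messages), the IP addresses, usernames and thresholds are all assumptions chosen for illustration.

```python
"""Sliding-window failed-login detector that catches both burst and low-and-slow
brute force, run over constructed sshd-style log lines.

Added example, not the LowAndSlow tool or the page's own detection logic. The
log format (rsyslog ISO timestamps + OpenSSH "Failed password" messages) and
the thresholds are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Two rules: a classic burst rule and a long-window rule. A scanner pacing itself
# to one guess every few minutes never trips the first; only the second sees it.
DEFAULT_RULES = (
    ("rapid_fire", 10, timedelta(seconds=60)),   # >=10 failures within 60 s
    ("low_and_slow", 20, timedelta(hours=24)),   # >=20 failures within 24 h
)


def parse(line):
    """Return (timestamp, username, source_ip) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], m["ip"]


def detect(lines, rules=DEFAULT_RULES):
    """Return ({rule_name: {ip, ...}}, {ip: {username, ...}}).

    An IP is flagged under a rule when, at some point in the log, the number of
    its failures inside that rule's trailing window reaches the threshold. The
    distinct-username set is returned too: a wide spread of names from one
    source is itself a scanner signature."""
    events = defaultdict(list)           # ip -> [(ts, user), ...]
    for line in lines:
        parsed = parse(line)
        if parsed:
            ts, user, ip = parsed
            events[ip].append((ts, user))

    flagged = {name: set() for name, _, _ in rules}
    usernames = {}
    for ip, evs in events.items():
        evs.sort()
        usernames[ip] = {u for _, u in evs}
        for name, threshold, window in rules:
            window_q = deque()
            for ts, _ in evs:
                window_q.append(ts)
                while ts - window_q[0] > window:   # drop failures older than the window
                    window_q.popleft()
                if len(window_q) >= threshold:
                    flagged[name].add(ip)
                    break
    return flagged, usernames


def constructed_log():
    """Constructed sample: a burst attacker, a low-and-slow attacker rotating
    usernames at one guess per five minutes, and one user mistyping a password twice."""
    def fmt(ts, user, ip):
        return (f"{ts.isoformat()} ftp01 sshd[4242]: Failed password for invalid user "
                f"{user} from {ip} port 51000 ssh2")
    base = datetime(2014, 2, 3, 1, 0, 0)
    lines = [fmt(base + timedelta(seconds=i), "root", "198.51.100.7") for i in range(30)]
    lines += [fmt(base + timedelta(minutes=5 * i), f"ftp{i % 6}", "203.0.113.9") for i in range(36)]
    lines += [fmt(base + timedelta(minutes=7 + i), "carol", "192.0.2.44") for i in range(2)]
    return lines


if __name__ == "__main__":
    flagged, usernames = detect(constructed_log())
    for rule, ips in sorted(flagged.items()):
        print(rule, sorted(ips))
    print("usernames tried by 203.0.113.9:", sorted(usernames["203.0.113.9"]))
```

The tuning rule of thumb follows directly from the scanner’s design: if an attacker waits N seconds between attempts, a window shorter than threshold × N seconds can never catch them, so the long-window rule should be sized in hours or days and its threshold set high enough that legitimate typos never reach it. The burst rule stays in place for the rapid-fire case; the two are complementary, not alternatives.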