CFTP Provides Managed File Transfer Training and Certification

Managed file transfer training and certification is finally available to companies who need to hire, onboard and retrain transmissions personnel. This two-minute video provides a quick overview of the new CFTP program, including a first look at the study guide, test and certificate. The CFTP program was developed in February 2014 and was in beta […]

Managing SFTP Keys for Automated Access

Is the New IETF Draft a Best Practice or Shameless Plug? When does an IETF draft read like a vendor’s white paper?  When it’s the new “Managing SSH Keys for Automated Access” document by SSH Communications’s Tatu Ylonen. The Case for “Shameless Plug” SSH Communication’s venerable Tectia SSH solution is mentioned by name 6 times […]

Syslog Test Message Utility

The Syslog Test Message Utility will send UDP-based syslog messages to any Syslog server you choose. It is free software and runs on any Windows operating system that supports .NET 4.0. After specifying the Syslog server hostname and UDP port (port 514 is the default Syslog port), you specify the level (e.g., “Information (6)”), facility […]

Secure Coding: How to Avoid Accellion’s Password Reset Vulnerability

In a previous article I looked at a bug in Accellion’s code that allowed users to hijack each other user’s accounts by resetting each other’s passwords. (The bug was found and fixed in March 2012.) This article digs into the design flaw that led to the bug and how you can avoid the same error […]

Low and Slow Brute Force FTP Scanner

LowAndSlow is a free utility that attempts “low and slow” brute force sign-ons against a selected FTP server, FTPS server, or SFTP server. LowAndSlow works off a list of usernames and a list of passwords, and waits a configurable number of seconds between each attempt.  If the delay is set to 0 or 1, LowAndSlow […]

When should I use a UC4 Schedule object?

By now you realize that there are several ways to get UC4 Jobs, JobFlows, Scripts and other objects to execute periodically.  Some of the more common ways include using “Execute Recurring…” from the GUI, using ACTIVATE_UC_OBJECT from another scheduled object’s script, relying on retry-until logic or activating a Schedule object. However, there are some clear-cut instances […]

How can I use UC4’s External Dependencies?

One of the hottest new features in UC4 job scheduling has been the inclusion of explicit “external dependencies” in JobFlows.   External dependencies allow steps within your JobFlows to wait for other JobFlows (or other objects) to finish up their runs before your JobFlows proceed. External dependencies are incredibly useful when trying to define complex […]

How do I suppress a specific return code from a UC4 Unix job?

Some processes return a non-zero return code even if all was well.  On Linux and Unix machines some UC4 developers use the following technique to keep their overall scripts from returning non-zero return codes. .\non_standard_cmd  (let’s say this returns an error code of 255) pwd    (this almost always returns an error code of 0, […]

Which MOVEit DMZ reports will help me understand actual usage?

Before we perform any MOVEit DMZ migration, upgrade or capacity planning analysis we run two built-in reports to quickly get a feel for actual use.  One looks at total monthly transfers and the other looks at sessions by hour. MOVEit DMZ File Transfer Report We use a built-in MOVEit DMZ report to determine the current […]

Auditing the hostnames and usernames in use on UC4

Security auditors are often interested in which machines are automatically accessing other machines, and a list of users that are used to connect. Fortunately, there is a single table called “OLC” in UC4’s configuration that provides this information if queried properly.  This article shows you how to use a single UC4 job to dump this […]