Connecting to an FTPS Server with SSL Session Reuse in Java 7 and 8

June 10, 2016

“Good programmers write good code… Great programmers reuse great code.”  Or so I told myself as I snagged an Apache Commons class to connect to a new vendor’s FTPS server.  Several hours of debugging later, however, I realized to my dismay that the omnipotent Apache Commons did not support a major security feature required by most modern FTPS servers: reusing the control connection’s TLS session on the data connection.  This post outlines my process…

Security Notice on CCS / CVE-2014-0224

June 06, 2014

On June 5 another vulnerability in OpenSSL, the ChangeCipherSpec (CCS) Injection Vulnerability, was announced. Tracked as CVE-2014-0224, the advisory warns that OpenSSL clients of every version, and servers running OpenSSL 1.0.1 or 1.0.2-beta1, let a man-in-the-middle (MITM) attacker force weak keying material onto a connection whenever both ends are vulnerable. After learning of CVE-2014-0224, the Wealthfront team immediately deployed an updated OpenSSL library on all customer-facing servers. Further Resources for ChangeCipherSpec Help…

Security Notice on Heartbleed / CVE-2014-0160

April 09, 2014

The Internet community learned on April 7 about the OpenSSL vulnerability CVE-2014-0160, known colloquially as Heartbleed. Many security professionals remember similar vulnerabilities in SSH, BIND, and Sendmail that pried open large chunks of the Internet infrastructure. Heartbleed is a similar type of vulnerability: a missing bounds check in OpenSSL’s TLS heartbeat extension lets an unauthenticated peer read up to 64 KB of process memory per request, as detailed on the Heartbleed website. We join financial institutions across the…
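Both notices above (Heartbleed and the CCS/CVE-2014-0224 notice) come down to the same operational question: which OpenSSL builds in the fleet still predate the fix? The following version-string triage is an added example, not code from either Wealthfront post. The fixed releases are taken from the OpenSSL advisories: Heartbleed affects 1.0.1 through 1.0.1f and 1.0.2-beta1 and is fixed in 1.0.1g; CCS injection is fixed in 0.9.8za, 1.0.0m, 1.0.1h and 1.0.2-beta2. The sample version strings at the bottom are constructed, not captured from any host, and `installed_openssl_version` assumes an `openssl` binary on `PATH`.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

# First fixed release per affected branch, from the OpenSSL advisories.
# Branches absent from a CVE's table were never affected by it: 0.9.8 and
# 1.0.0 never carried the heartbeat bug, and 1.1.x postdates both fixes.
FIRST_FIXED: Dict[str, Dict[Tuple[int, int, int], str]] = {
    "CVE-2014-0160": {(1, 0, 1): "g"},
    "CVE-2014-0224": {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"},
}

# Both advisories also list the 1.0.2-beta1 pre-release; 1.0.2-beta2 shipped the fixes.
VULNERABLE_PRERELEASE = "beta1"

_VERSION_RE = re.compile(
    r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+|pre\d+|dev))?"
)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], str, str]:
    """Split e.g. 'OpenSSL 1.0.1e 11 Feb 2013' into ((1, 0, 1), 'e', '')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("not an OpenSSL version string: %r" % text)
    major, minor, fix, letters, pre = m.groups()
    return (int(major), int(minor), int(fix)), letters, pre or ""


def _letter_key(letters: str) -> Tuple[int, str]:
    # OpenSSL patch letters run a..y and then za, zb, ...: a longer suffix is newer,
    # so plain string comparison ("y" > "za") would get 0.9.8za wrong.
    return (len(letters), letters)


def is_vulnerable(version_text: str, cve: str) -> Optional[bool]:
    """True if the version predates the fix, False if fixed or never affected,
    None for a -dev snapshot whose contents cannot be read off the version."""
    branch, letters, pre = parse_version(version_text)
    if pre == "dev":
        return None
    if branch == (1, 0, 2):
        return pre == VULNERABLE_PRERELEASE
    first_fixed = FIRST_FIXED[cve].get(branch)
    if first_fixed is None:
        return False
    return _letter_key(letters) < _letter_key(first_fixed)


def audit(version_text: str) -> Dict[str, Optional[bool]]:
    """Triage one version string against both 2014 advisories."""
    return {cve: is_vulnerable(version_text, cve) for cve in FIRST_FIXED}


def installed_openssl_version(binary: str = "openssl") -> str:
    """Ask the local binary (assumed on PATH); raises if it is missing."""
    return subprocess.check_output([binary, "version"], universal_newlines=True)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for sample in ("OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1g 7 Apr 2014",
                   "OpenSSL 0.9.8y 5 Feb 2013", "OpenSSL 1.0.2-beta1"):
        print(sample, audit(sample))
```

Treat a "vulnerable" verdict as a lead, not a conviction: Debian, Ubuntu and Red Hat backported both fixes without bumping the version string, so a host reporting 1.0.1e may already be patched (check `dpkg -s openssl` or `rpm -q --changelog openssl` for the CVE id), and a "fixed" verdict says nothing about statically linked binaries or a bundled libssl copy inside an application. A handshake probe against the listening service is the check that settles it.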

Belt and Suspenders: Safety and Trust in a Distributed System

May 02, 2012

Wealthfront is built on a traditional service-oriented architecture: requests from web browsers are dispatched to a cluster of Rails instances, which in turn query back-end services. As a single page load might trigger tens of internal remote calls, it quickly becomes difficult to understand why a back-end service was called, who initiated the call,…

Ode to Textual Identifiers

March 18, 2011

Entities of a domain model are distinct from all other objects in their longevity. These objects are typically stored in a database, or a similar form of long-term storage, and need portable identifiers which can be shared within a system, and beyond. Identifiers are essentially “handles to entities”, which can be passed around, in the same…

Encrypting using gpg from Java

February 23, 2011

Recently, we worked with a third party that had trouble reading files encrypted using Bouncy Castle’s OpenPGP implementation. We ended up relying directly on GNU Privacy Guard’s OpenPGP implementation instead. As I didn’t find any working example on the web, I figured that the following piece of code might end up being useful…
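The post’s own code is cut off in this excerpt. What follows is an added example of the same idea, written here rather than taken from the post: encrypting a byte array by piping it through a `gpg` subprocess. It assumes Java 8 or later, a `gpg` binary at an assumed path such as `/usr/bin/gpg`, and a keyring directory (handed to `--homedir`) that already contains the recipient’s public key; the `GpgEncryptor` class name and its arguments are this example’s own. The points a reviewer would look for are that no shell is involved (every argument is its own argv element), the recipient is pinned by full fingerprint so `--trust-model always` cannot select the wrong key, the plaintext never touches disk, and stdin, stdout and stderr are serviced concurrently so a large input cannot deadlock on a full pipe.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Encrypts bytes by piping them through a gpg subprocess (plaintext in on stdin, armored ciphertext out on stdout). */
public final class GpgEncryptor {
    private final String gpgBinary;  // assumed path, e.g. "/usr/bin/gpg"
    private final String homeDir;    // assumed keyring directory already holding the recipient's public key

    public GpgEncryptor(String gpgBinary, String homeDir) {
        this.gpgBinary = gpgBinary;
        this.homeDir = homeDir;
    }

    public byte[] encrypt(byte[] plaintext, String recipientFingerprint)
            throws IOException, InterruptedException {
        // Accept only a full hex fingerprint: this rules out option-like recipients ("--foo")
        // and the ambiguous name/e-mail matching that could silently pick a different key.
        if (!recipientFingerprint.matches("[0-9A-Fa-f]{40}")) {
            throw new IllegalArgumentException("recipient must be a 40-hex-digit fingerprint");
        }
        // No shell: each element is a separate argv entry, so nothing in the inputs is re-parsed.
        List<String> argv = Arrays.asList(
                gpgBinary, "--homedir", homeDir,
                "--batch", "--no-tty", "--yes",        // never prompt, never wait on a terminal
                "--trust-model", "always",             // acceptable only because we pin by fingerprint
                "--armor", "--recipient", recipientFingerprint,
                "--encrypt");                          // no file arguments: stdin -> stdout
        Process gpg = new ProcessBuilder(argv).start();

        // Feed stdin and drain stderr on their own threads so that neither pipe can fill
        // up and deadlock while this thread reads the ciphertext from stdout.
        ByteArrayOutputStream stderr = new ByteArrayOutputStream();
        Thread errDrain = new Thread(() -> copy(gpg.getErrorStream(), stderr));
        Thread stdinFeed = new Thread(() -> {
            try (OutputStream in = gpg.getOutputStream()) {
                in.write(plaintext);
            } catch (IOException ignored) {
                // gpg exited early; the exit status below reports why
            }
        });
        errDrain.start();
        stdinFeed.start();

        ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
        copy(gpg.getInputStream(), ciphertext);
        stdinFeed.join();
        errDrain.join();

        if (!gpg.waitFor(60, TimeUnit.SECONDS)) {
            gpg.destroyForcibly();
            throw new IOException("gpg did not exit within 60s");
        }
        if (gpg.exitValue() != 0) {
            throw new IOException("gpg exited " + gpg.exitValue() + ": "
                    + stderr.toString(StandardCharsets.UTF_8.name()));
        }
        return ciphertext.toByteArray();
    }

    private static void copy(InputStream src, OutputStream dst) {
        byte[] buf = new byte[8192];
        int n;
        try {
            while ((n = src.read(buf)) != -1) {
                dst.write(buf, 0, n);
            }
        } catch (IOException e) {
            // the pipe closed because gpg exited; nothing more to read
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java GpgEncryptor <40-hex-digit recipient fingerprint>
        GpgEncryptor enc = new GpgEncryptor("/usr/bin/gpg",
                System.getProperty("user.home") + "/.gnupg");
        byte[] armored = enc.encrypt("hello, vendor".getBytes(StandardCharsets.UTF_8), args[0]);
        System.out.write(armored);
        System.out.flush();
    }
}
```

If the recipient must be selected by name or e-mail rather than fingerprint, drop `--trust-model always` and import the key with a trust level you have verified out of band; otherwise gpg will happily encrypt to whichever key matches first. The interoperability problem the post describes is also easier to diagnose this way: `gpg --list-packets` on the output shows exactly which key id and algorithms the third party’s tooling is being asked to handle.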