Tagged in: security
Connecting to an FTPS Server with SSL Session Reuse in Java 7 and 8
“Good programmers write good code… Great programmers reuse great code.” Or so I told myself as I snagged an Apache Commons class to connect to a new vendor’s FTPS server. Several hours of debugging later, however, I realized to my dismay that the omnipotent Apache Commons did not support a major security feature required by most modern FTPS servers. This post outlines my process…
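The feature in the title is TLS session reuse between the control and data connections: many FTPS servers refuse a data connection whose TLS handshake does not resume the session negotiated on the control connection, because an attacker who cannot prove possession of that session could otherwise hijack the passive data port. Apache Commons Net’s FTPSClient opens each data connection with a fresh handshake. The following subclass is an added example, not the original post’s code: it overrides the `_prepareDataSocket_` hook that FTPSClient calls before the data-channel handshake and registers the control connection’s session in the JSSE client session cache under the data socket’s host:port key, so the data handshake offers that session ID. It assumes the JDK 7/8 `sun.security.ssl.SSLSessionContextImpl` internals (the private `sessionHostPortCache` field and its lower-cased `host:port` key format); the host and credentials in `main` are placeholders.

```java
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.Socket;
import java.util.Locale;

import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;

import org.apache.commons.net.ftp.FTPSClient;

// Added example (not the original post's code). Seeds the JSSE session cache so the
// data connection resumes the control connection's TLS session. Relies on JDK 7/8
// internals (assumption): sun.security.ssl.SSLSessionContextImpl#sessionHostPortCache.
public class SessionReuseFtpsClient extends FTPSClient {

    public SessionReuseFtpsClient() {
        super("TLS", false); // explicit FTPS: plain TCP connect, then AUTH TLS
    }

    @Override
    protected void _prepareDataSocket_(final Socket socket) throws IOException {
        // _socket_ is the control connection; after AUTH TLS it is an SSLSocket.
        if (!(socket instanceof SSLSocket) || !(_socket_ instanceof SSLSocket)) {
            return; // PROT C (clear data channel) or control channel not yet upgraded
        }
        final SSLSession session = ((SSLSocket) _socket_).getSession();
        if (!session.isValid()) {
            return;
        }
        final SSLSessionContext context = session.getSessionContext();
        try {
            // JDK 7/8 keep a host:port -> session map that the client consults when it
            // starts a handshake. Register the control session under the data socket's
            // host:port (both name and address forms, matching how JSSE builds the key).
            final Field cacheField = context.getClass().getDeclaredField("sessionHostPortCache");
            cacheField.setAccessible(true);
            final Object cache = cacheField.get(context);
            final Method put = cache.getClass().getDeclaredMethod("put", Object.class, Object.class);
            put.setAccessible(true);
            final int port = socket.getPort();
            put.invoke(cache, key(socket.getInetAddress().getHostName(), port), session);
            put.invoke(cache, key(socket.getInetAddress().getHostAddress(), port), session);
        } catch (ReflectiveOperationException e) {
            // Fail closed: without reuse the server will reject or hijack-expose the data channel.
            throw new IOException("cannot seed TLS session cache for data connection", e);
        }
    }

    // Same key format JSSE uses internally: lower-cased "host:port".
    private static String key(final String host, final int port) {
        return (host + ":" + port).toLowerCase(Locale.ROOT);
    }

    public static void main(final String[] args) throws IOException {
        // Placeholder host and credentials for illustration only.
        final SessionReuseFtpsClient client = new SessionReuseFtpsClient();
        client.connect("ftps.example.com", 21);
        client.login("user", "secret");
        client.execPBSZ(0);
        client.execPROT("P"); // encrypt the data channel as well
        client.enterLocalPassiveMode();
        for (final String name : client.listNames()) {
            System.out.println(name);
        }
        client.logout();
        client.disconnect();
    }
}
```

Two checks worth doing before shipping this: confirm against the server (or a packet capture) that the data-channel ServerHello carries the same session ID as the control channel, and pin the JDK version, since the reflection targets private fields that later JDKs rename or seal off (on Java 9+ the `java.base/sun.security.ssl` package must be opened explicitly). Overriding `_prepareDataSocket_` requires Commons Net 3.2 or later.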
Security Notice on CCS / CVE-2014-0224
On June 5 another OpenSSL vulnerability, the ChangeCipherSpec (CCS) Injection Vulnerability, was announced. Released as CVE-2014-0224, the advisory warns that a man-in-the-middle (MITM) attacker can force weak keying material onto a connection when both endpoints are vulnerable: every OpenSSL client version is affected, as are servers running OpenSSL 1.0.1 or later. After learning about CVE-2014-0224, the Wealthfront team immediately deployed an updated OpenSSL library on all customer-facing servers. Further Resources for ChangeCipherSpec Help…
Security Notice on Heartbleed / CVE-2014-0160
The Internet community learned on April 7 about the OpenSSL vulnerability CVE-2014-0160, known colloquially as Heartbleed. Many security professionals remember similar vulnerabilities in SSH, BIND, and Sendmail that pried open large chunks of the Internet infrastructure. Heartbleed is a similar type of vulnerability, a missing bounds check in the TLS heartbeat extension that lets a remote peer read up to 64 KB of process memory per request, private keys and session data included, as detailed on the Heartbleed website. We join financial institutions across the…
Belt and Suspenders: Safety and Trust in a Distributed System
Wealthfront is built on a traditional service-oriented architecture: requests from web browsers are dispatched to a cluster of Rails instances, which in turn query back-end services. As a single page load might trigger tens of internal remote calls, it quickly becomes difficult to understand why a back-end service was called, who initiated the call,…
Ode to Textual Identifiers
Entities of a domain model are distinct from all other objects in their longevity. These objects are typically stored in a database, or a similar form of long-term storage, and need portable identifiers which can be shared within a system, and beyond. Identifiers are essentially “handles to entities”, which can be passed around, in the same…
Encrypting using gpg from Java
Recently, we worked with a third party that had trouble reading files encrypted using Bouncy Castle’s OpenPGP implementation. We ended up deciding to rely directly on the GNU Privacy Guard’s OpenPGP implementation. As I didn’t find any working example on the web, I figured that the following piece of code might end up being useful…
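Delegating OpenPGP to the `gpg` binary means the Java side is mostly process handling, and the security mistakes live there: building a shell command line from file names, prompting for trust in an unattended job, or ignoring the exit status. The class below is an added example, not the code from the post: it invokes `gpg` through `ProcessBuilder` with an argument list (no shell, so file names cannot inject options), runs in `--batch` mode, addresses the recipient by full fingerprint so `--trust-model always` only bypasses web-of-trust prompts rather than key selection, and treats a non-zero exit as failure with gpg’s own diagnostics attached. It assumes a GnuPG 1.4/2.x binary on the path and a keyring directory into which the recipient’s public key has already been imported; the fingerprint and paths in `main` are placeholders.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example (not the original post's code). Encrypts a file to one OpenPGP
// recipient by running the gpg binary. Assumptions: gpg is on the PATH (or given
// explicitly) and the recipient's public key is already in the keyring under homeDir.
public final class GpgEncryptor {

    // A full v4 fingerprint is 40 hex digits; refuse short key IDs, which are forgeable.
    private static final Pattern FINGERPRINT = Pattern.compile("[0-9A-Fa-f]{40}");

    private final String gpgBinary;
    private final Path homeDir;

    public GpgEncryptor(final String gpgBinary, final Path homeDir) {
        this.gpgBinary = gpgBinary;
        this.homeDir = homeDir;
    }

    /** Encrypts {@code input} to {@code output} for the key with the given fingerprint. */
    public void encrypt(final String recipientFingerprint, final Path input, final Path output)
            throws IOException, InterruptedException {
        if (!FINGERPRINT.matcher(recipientFingerprint).matches()) {
            throw new IllegalArgumentException("recipient must be a full 40-hex-digit fingerprint");
        }
        final List<String> cmd = Arrays.asList(
                gpgBinary,
                "--batch",                        // never prompt; fail instead
                "--no-tty",
                "--yes",                          // overwrite an existing output file
                "--homedir", homeDir.toString(),  // isolated keyring for this job
                "--trust-model", "always",        // skip web-of-trust check; key is pinned by fingerprint
                "--recipient", recipientFingerprint,
                "--output", output.toString(),
                "--encrypt", input.toString());
        final ProcessBuilder pb = new ProcessBuilder(cmd); // argument vector: no shell parsing
        pb.redirectErrorStream(true);                       // capture gpg's diagnostics with stdout
        final Process process = pb.start();
        process.getOutputStream().close();                  // nothing to feed on stdin
        final String log = readAll(process.getInputStream());
        final int rc = process.waitFor();
        if (rc != 0) {
            throw new IOException("gpg exited with status " + rc + ": " + log.trim());
        }
    }

    // Drain the child's output fully; a blocked pipe would otherwise deadlock waitFor().
    private static String readAll(final InputStream in) throws IOException {
        final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        final byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
        }
        return new String(buf.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(final String[] args) throws IOException, InterruptedException {
        // Placeholder fingerprint and paths for illustration only.
        final GpgEncryptor gpg = new GpgEncryptor("gpg", Paths.get("/var/lib/app/gnupg"));
        gpg.encrypt("0123456789ABCDEF0123456789ABCDEF01234567",
                Paths.get("/var/tmp/report.csv"),
                Paths.get("/var/tmp/report.csv.gpg"));
    }
}
```

If the same process also has to sign, add `--sign` with `--local-user` and a key whose passphrase is supplied via `--passphrase-fd` (or, on GnuPG 2.1+, through the agent’s loopback pinentry) rather than on the command line, where it would be visible in the process table.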