All posts tagged with 'security'
We’re Gonna Need a Bigger Boat
Earlier this year, the FreeAgent marketing website www.freeagent.com was the target of a volumetric Distributed Denial of Service (DDoS) HTTP flood attack. This was a relatively unsophisticated attack in that it targeted a particular static endpoint of our website with a massive number of HTTP GET requests from multiple remote IP addresses around the globe, as visualised on the map below. Predominantly serving the UK small business base, FreeAgent wouldn’t… Continue reading
Passphrase generation using awk
Given a requirement of generating a temporary passphrase that can be communicated over the phone to another person, I thought of XKCD #936, which suggests using four random words together as a passphrase. Then there's just the question of how to generate that easily. On each system there's a file containing a list of words somewhere; on OS X it's located at /usr/share/dict/words. This contains a good ~236,000 words on… Continue reading
Weak DH – Time to Level Up
SSL vulnerabilities have been big news over the last few years. We've had Heartbleed, CCS Injection, POODLE and FREAK among others. At FreeAgent we take these vulnerabilities very seriously and work to mitigate them as fast as possible. The one we will be looking at today is Weak Diffie-Hellman and the Logjam Attack, along with some changes we are going to be making in the coming months. SSL configuration can be… Continue reading
System hardening leads to CVE-2015-3341 and fun with DTrace
Here at FreeAgent, security is a never-ending project. We are never finished, and we are always looking for ways to harden our platform, ensuring data is kept safe. Security should not be taken for granted – it is not just about technical mitigations or fancy enterprise firewalls; equally important is developing the right set of processes and procedures. One important aspect is testing your security controls. You need to be… Continue reading