If you do any work with private/public key cryptography, the addition of the Crypto library last year made it finally possible to create and verify digital signatures as well as encrypt and decrypt data. Using keys with other systems requires a little more work to convert them to and from the PEM format.
This week we have seen another example of why you can’t be too paranoid about Internet security.
Code Spaces, a company that specializes in SVN hosting (hosting your source code so your team can access it), announced that their servers were hacked big time. Apparently, the perpetrator began with a Denial of Service attack, then gained access to Code Spaces’ Amazon EC2 account. He or she then contacted Code Spaces via email in an attempt to extort a large fee to stop the attack. When the folks at Code Spaces attempted to take back control of their Amazon EC2 account, the hacker deleted all of their data, including backups and off-site backups. Unable to recover, Code Spaces has made the decision to shut down completely. The cost of the attack is just too great to continue.
As you may be aware, the “Heartbleed” bug in OpenSSL has made the rounds across the internet. As soon as it was disclosed this week, we began an investigation to see where we were impacted. Xojo.com services were updated and our SSL certificate was quickly reissued. Xojo Cloud servers were also rapidly updated. This does mean that (like many sites) we were potentially vulnerable for a time until the patch was released.
This week, a major vulnerability, referred to as “Heartbleed”, was discovered in OpenSSL. Bruce Schneier, who blogs about Internet security, called it “catastrophic” and “on the scale of 1 to 10, this is an 11.” Heartbleed has left just about anyone with a server scrambling to find out whether their version of OpenSSL is affected, and then taking measures to update OpenSSL and make sure everything is working again.
Xojo Cloud is now available with plans starting at just $49 per month for a fully managed and secure cloud server for running your Xojo web apps. What does this mean for your web apps?
Xojo 2013 Release 4.1 added a variety of RSA encryption functions for handling public/private key encryption. Here’s how you use them.