Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options


You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the WebKit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions. This post will try to explain the problem this caused and what prevention and remediation options are available if you run into …


Migrating from Subversion to Git: What Your PCI-DSS Guy Will Not Tell You, Part 1

It is the time of the year when consumers begin to open their wallets. Retail and credit card processing industries are busily preparing their systems to handle the projected volume of credit card transactions leading up to Black Friday through the New Year. It is no wonder IT folks are now revisiting their compliance with the infamous PCI-DSS (Payment Card Industry Data Security Standard) to ensure that their companies develop and store code dealing with credit cards in a secure way. If you are not familiar with PCI-DSS, in a nutshell, it is a rigorous set of standards for protecting cardholder …


The State of Cloud Security and Today’s Challenges


I just read a compelling article about today’s challenging security landscape in the Presidio Group’s weekly newsletter. The article summarized the main themes that emerged from a recent Gartner Security Summit. In this Summit, it was reported that one of the most significant challenges to managing virtual and cloud environments is the issue of security. Companies are spending substantially more on IT security in an attempt to thwart cyber-attacks, but the number of successful exploits is also increasing – so much so that one conclusion of the summit was that the cyber criminals are winning, and the leading vendors in …


Advanced password security in Codesion Professional Edition

Given that many software development teams today include full-time developers and temporary contributors, working together collaboratively from multiple locations, it is important that account and project managers have total control over who has access to sensitive information. This includes knowing when developers leave the team, and being able to promptly shut off that user’s (or group’s) access to sensitive project data. We recently launched an advanced security pack, which provides additional tools to account administrators to better manage passwords, password expiry and account lockout. This gives peace of mind, knowing there is one place to go in Codesion, to …


Message from CEO: Not Forgetting the Dudes

Our existing customers will have noticed some big changes at Codesion (formerly CVSDude). In the past year, we have moved headquarters to the USA, released a new generation SaaS platform, and migrated over 50,000 users in several thousand companies to it. Shortly we will be launching a new product called Professional Edition. This represents the evolution of the solution that we have built over the years for our Enterprise class customers.

Background & Motivations

Since Mark Bathie founded “CVSDude” as the original “Professional CVS Hosting” service in 2002 (and before Subversion was released), the company has delivered a solid and reliable system for individual …


Codesion’s secure Subversion hosting service thwarts IP theft attempt at GroovyChannel, preserving $7M funding bid

After a failed theft attempt at GroovyChannel’s North Sydney office, GroovyChannel Inc CEO Joe Ward wanted to share a few words with Codesion and our customers on the experience and Codesion’s role. So in his words… The value of the Codesion service has never been more apparent for us at GroovyChannel than now, in the wake of an apparent theft attempt of our intellectual property. I’m happy to report that the source code for our accelerated SQL database technology is secure thanks to this partnership with Codesion. GroovyChannel is a pioneer in multicore-optimized SQL standard database software targeting enterprise cloud computing needs, and we recently launched a $7 million capital raising round in …
