sysctl ab

1.8.0 release of IMPEX

  • STATION: Add function to upload logs to ICC
  • STATION: Optimize sophos download
  • STATION: Improved sanity check added for sophos updates
  • STATION: Add support for formatting erased USB devices(completely empty crypto drives like datashur)
  • STATION: Preparation for visualize more av update information
  • STATION: Resolve proxy issue for AV update engines that not has support for TLS and use the encrypted stunnel
  • STATION: Ensure built in f-secure update service is disabled
  • STATION: Solve issue with the configuration option preserve time stamp during file transfer between usb devices
  • STATION: Fix minor issue when getting new configuration card fro the ICC. Only applies to new installations.
  • STATION: Fix mount issue, the process couldn't create destination directory when using exfat. Other partition types worked as expected.
  • ICC: Add option to download Station logs
  • ICC: Add option to retire a station from the station list in the GUI. The station and the stations scanning data will still be accessible.
  • ICC: Add configuration option to pause AV updates
  • ICC: Fix eset issue, the update time was incorrect
  • REPO: Split AV downloads to separate RPMs
  • REPO: Optimize sophos download
  • ISO: Fix issue with random password during installation

1.7.0 release of IMPEX

  • STATION: Improved control of source and destination size check
  • STATION: Only allow ECDHE-RSA-AES128-GCM-SHA256 for internal communication between user interface and backend services
  • STATION: Send scanned file meta data to ICC faster
  • STATION: Visualize the USB-drives filesytem(driver that load the filesystem)
  • STATION: Handle destination devices with GPT and msdos filesystem
  • ICC: Optimize bandwidth utilization for av-synchronization
  • ICC: Visualize last update for f-secure
  • ICC: Add configuration to enable station online monitoring. Require mail to in the SMTP card to be set.
  • ICC: Allow to configure sender name for mail notifications
  • ICC: Add configuration to disable updates on stations
  • ICC: Add configuration to preserve timestamps when transfer files on the station. Experimental.
  • ISO: Set random root password on the station
  • ISO: Do not set repository server. The station will get it from the ICC

1.6.23 release of IMPEX

  • STATION: Fix scan CD-rom only issue
  • STATION: Handle format of GPT(Guided Partition Table)
  • STATION: Ensure to always format destination drive with the source drives file format
  • STATION: Remove unsupported AV-engines in the info view
  • STATION: Fix issue with autocomplete of identification
  • ICC: Remove unsupported AV-engines in the configuration card
  • ICC: Remove mandatory configuration option of repository username and password

1.6.22 release of IMPEX

  • Repository: Support for separate repository(not integrated in ICC)
  • STATION: Enhanced TOFU with support for separate impex-repository
  • ICC: eset sync in ICC
  • ICC: Support for repository configuration of stations
  • ISO: Initial configuration towards WiFi-support

1.6.21 release of IMPEX

  • STATION: Add support for ESET
  • STATION: Optimize bandwidth utilization for ClamAV (step 2/2)
  • STATION: Improved license handling with f-secure
  • STATION: Enhanced logging before the station connects to ICC
  • STATION: Enhanced TOFU when a Station connects to ICC
  • ISO: Allow installation without network connected
  • ISO: Handle installations without DNS

1.6.20 release of IMPEX

  • STATION: Optimize bandwidth utilization for ClamAV (step 1/2)
  • STATION: Visualisation when inserting slow or large devices
  • STATION: Automatic update enhancment
  • STATION: Erase all partitions and not only the first during format and transfer
  • ICC: ClamAV bandwidth improvements (step 1/2)
  • Known issues: On the ICC ClamAV will show the wrong version, because of migration of signature files

1.6.19 release of IMPEX

  • STATION: Fix to handle USB-devices without vendor, model or serial number
  • ICC: Add no-referrer link from the files details view to Virustotal and Cymry that allows to do second opinion checks with the files checksum

1.6.17 release of IMPEX

  • STATION: Daemonize ClamAV to speed up scanning time
  • STATION: Fix issue when formating USB-drives without any partition table

1.6.16 release of IMPEX

  • ISO install: Handle empty value in information gathering script
  • STATION: Change TOFU to be handled automatically
  • STATION: Ensure the graphical interface always shows partitions that is supported
  • ICC: Sort stations by online status by default
  • ICC: Add sort by online button for stations view
  • ICC: View number of online stations and total number of stations in station view header
  • ICC: Add missing link to create black and white rule from the set rules view
  • Repo: Add function to clean up old RPMs
  • Repo: Enhanced AV-signature handling

1.6.15 release of IMPEX

  • STATION: Fix graphical issue, certain partition formats did not show files. Only graphical issue.
  • STATION: Ensure correct permissions in directories

1.6.14 release of IMPEX

  • Installation media: minor preparations for new type of hardware
  • Station: enhanced TLS between kiosk-gui and station(local host communication)
  • Station: minor fix to reduce error logs before station has connect to the ICC server
  • Station: preparation for multiple partitions
  • Station: handling of exFAT partitions created in Windows. (only exFat created in Linux worked before)
  • ICC: enhanced download of AV signatures
  • Known issues:
  • There is a known issue with certain inexpensive usb drives. The computer part of Impex, the Intel NUC, combined with certain Kingston drives, will experience failures in ONE of the two USB ports that we use for data transfer. Hence inserted into one of the USB ports it will work, but not in the other Our tests and analysis have concluded that this is a error on certain models of Intel NUCs combined with the some Kingston device. We have not experienced this with other brands of USB storage devices. We are currently investigating the issue further.
  • Kingston models with issues:
  • DataTraveler G3
  • DataTraveler DTI
  • Workarounds and Mitigation(s):
  • The following alternatives for mitigation is recommended.
  • 1. Do not use the Kingston sticks.
  • 2. Use quality USB memory sticks, e.g. Kanguru Flashtrust, and have users copy files onto these sticks
  • 3. If you experience problems with Kingston devices in one USB port, make sure that the known bad USB stick is instead used in the other, working, USB port. Remember which direction the file transfer should be performed and click in the graphical user interface to perform scanning and file transfer. This will only work if not Kingston sticks are used in both USB ports simultaneously.

1.6.13 release of IMPEX

  • Install media: Update Ansible installation script to use the latest standard
  • Install media: Fix installation media to allow DHCP without DNS
  • Install media: Allow to delete characters when setting passwords from the installation media
  • STATION: Resolve race condition delays during upgrades
  • STATION: Change time sync from cron to timer
  • STATION: Fix UDEV warning issue

1.6.12 release of IMPEX

  • STATION: Fix issue where update status did not update the value

2.1.0 release of deaddrop

  • frontend: improved contact handling
  • frontend: Update 3-part software
  • frontend: send account name in info mail after a new account has been created
  • frontend: add support for saml
  • backend: add X-Auto-Response-Suppress to disable auto response mail when user is away
  • backend: Update 3-part software
  • backend: allow dispatches to be longer then 14 days
  • backend: allow memory remap in the seccomp hardening for contacts
  • backend: general clean up
  • backend: improvements to avoid broken json
  • backend: fix conflict between ntpd and deaddrop-ntpd
  • backend: add extra checks to ensure no log file has been removed by administrator
  • emails: better text in account remove email
  • emails: fix force email language to always force correct language

Sophos update

  • Sophos: Fix for the changed behavior of sophos. savscan.base need the SGID bit to be set. Before the change in sophos new security checks was it possible to only have the exec bit. We still have the engine in a SELinux sandbox

1.6.11 release of IMPEX

  • F-Secure: Fix for the changed behavior of F-secure output
  • F-Secure: Fix SELinux policy to handle F-secures new behavior
  • F-Secure: Fix to ensure that F-Secure dont start auto update to F-Secure servers
  • F-Prot: Fix issues for new installations

1.6.10 release of IMPEX

  • Station: Fix issue were number 7 on the on screen keyboard was highlighted
  • Station: Improved printer receipe
  • Station: Preparation for exposing correct AV versions
  • Station: Fix update issue
  • Station: More robust OS repository handling
  • ICC: Fix IE legacy mode issue

1.6.9 release of IMPEX

  • Station: Add support for more languages [da,no,sp,ar]
  • Station: Add support for the exfat file system
  • Station: Fix issue with touch events after monitor has been turned off
  • Station: Improved graphical environment
  • Station: Fix issue were language not was change on the keyboard
  • Station: fix issue when keyboard language was not change when changing language
  • Station: moved OS hardening from one-shot installtion to rpm
  • Station: fix bug that disabled touch events after monitor has been powered off
  • ICC: Fix broken link in email notification
  • Installation: New installation media that allows reinstallations by end-users

2.0.14 release of deaddrop

  • Change to faster json-parser
  • Resolve issue where SELinux denied to remove some files
  • Fix issue where local admin-users where denied to use their own password for sudo

1.6.8 release of IMPEX

  • Station: fsecure fixes
  • Station: now removes all other network configuration before writing a new one
  • Station: AV Manager active
  • Station: More robust OS repo handling
  • ICC: Sophos and Comodo last updated added to ICC server view

1.6.6 release of IMPEX

  • Station: Fix regression on automatic ejection of CD/DVD in the latest CentOS release
  • Station: Fix an issue where FAT32 drives got the "dirty" flag set after an IMPEX scan
  • Station: Make printing receipts for large scans several magnitudes faster

1.6.5 release of IMPEX

  • ICC: add status window for a station when clicking the ONLINE button on a station card
  • Station: Language translation fixes
  • Station: UTF-8 fixes making the output render correctly
  • Station: Improve user feedback when USB/CD/DVD drives got pulled during operation
  • Station: Correct detection of invalid filenames for a target filesystem

1.6.4 release of IMPEX

This release contains only minor changes and new features behind the scenes for the IMPEX Station:
  • * Update SELinux rules required by latest CentOS update
  • * Add a recovery script which also can be used to reconfigure an IMPEX station, including remapping of USB ports
  • * Disable zooming (pinching) in the GUI
  • * Fix spelling mistake in the Latvian translation

2.0.13 release of deaddrop

Today we released a bugfix only release correcting one issues:
  • Backend:
  • Fix issue where seccomp denied mremap in the upload function. Big files that required expand or potentially moving memory was terminated by seccomp and result in corrupt uploads

2.0.12 release of deaddrop

Today we released a bugfix only release correcting three issues:
  • Front end:
  • After modifying a contact will add a new contact miss-behave
  • backend:
  • fix issue where seccomp denied memory unmap in mcs deamon
  • deaddrop admin interface:
  • Improved handling of passwords

2.0.11 release of deaddrop

This release contains both bugfixes and new features:
  • Features:
  • Front-end:
  • Add an regret button in the growl message after a contact has been removed
  • Allow drag-n-drop files in the upload-file area
  • Allow to upload bigger files than 4GB when using IE11
  • Use the same newer design on the download-page
  • Mail:
  • Add download url to the reminder email
  • Back-end:
  • Enhanced response to client by using the same type of response codes
  • Function to remove users history after X days
  • Bugfixes:
  • Mail enhancement:
  • Fixed HTML error in removed page mail
  • Fixed incorrect text in download mail
  • Change to correct doc-type in HTML mail
  • Front-end enhancement:
  • Enabled UTF-8 support for aliases/nicknames
  • Enhanced group handling
  • Enhanced the add new contact form
  • Enhanced the modify contact form
  • Better information to users who try to login to an expired deaddrop
  • Visualize that the login-page is used for a download page and not for a permanent user
  • Allow to delete a file even if the user clicks on the pop-up help text
  • Allow to delete a contact even if the user clicks on the pop-up help text
  • Allow to select watermark file even if the user clicks on the pop-up help text
  • On-mouse-over tool-tip for remove files and watermark files was only in english
  • Back-end enhancement:
  • Substitute some cron-jobs with systemd-timers
  • Fix an issue to ensure right owner permission on files
  • Graceful handling of empty CSRF-token
  • Re-factor of some duplicated code
  • Better handling of request in wrong order
  • Fix an issue in SELinux which denied files from being removed
  • Improved handling of reset password function
  • Improved error handling when removing accounts
  • Improved error handling when adding accounts
  • Enhanced handling of double-added accounts

1.6.3 release of IMPEX

This release contains both bugfixes and new features:
  • IMPEX Station: refactoring of the SELinux rules for IMPEX which was possible because now all drives are mounted with the SELinux security context removable_t.
  • IMPEX Station: if the system clock was set in the future and the time was adjusted back it was possible to trigger a bug which made the GUI appear to hang.
  • IMPEX Station: fixed scanning drives with 99000+ files which before this would render the front view almost unusable.
  • IMPEX Station: no longer dependent on RAM size when calculating checksums on files.

1.5 release of IMPEX

This is a new feature release containing:
  • IMPEX Station: CDROM/DVD/ISO support
  • IMPEX Station: offer to format a USB drive when the filesystem is invalid, unsupported or missing
  • IMPEX Station: transfer to an unformatted drive now works
  • New languages added: lithuanian, latvian, russian, estonian, german, polish and finnish

1.4.2 Bugfix release of IMPEX

Today we released a bugfix only release correcting three issues:
  • IMPEX Station: ICC server name on the System Information page was not changed even though it was running against another ICC
  • ICC: Newly connected stations did not get the get_contacts-permission assigned automatically so they could not fetch contact lists
  • ICC: Internet Explorer fix for pie chart on the overview page was reverted

1.4.1 Bugfix release of IMPEX

Today we released a bugfix only release correcting two minor issues. One was that the coloured link warning about out of date OS updates was warning even though all updates had been applied. The other issue we corrected is that the ICC server GUI was rendered incorrectly in Internet Explorer.

1.4 Release of IMPEX

We have another release update! Mostly this is a feature update with black and white device list management added together with auto completion when inputting identification when scanning USB drives. Also we have a new result view with a receipt on the screen after scanning which improves the end user feedback after a scan or format.

1.3 Release of IMPEX

IMPEX 1.3 was released a week ago and all existing customers should have gotten an automatic upgrade. Major new features include Scan Only Mode, Format Only Mode, support of larger drives than the internal storage area of the station. Better feedback during scanning. Private Namespaces for almost all processes involved and even more hardened SELinux rules.

Impex AND deaddrop announced as finalists for 2015 Security Awards

Sysctl is extremely proud to announce that both our products Impex and Deaddrop have been selected as finalist at the 2015 Security Awards nominations. That mean that we got two of three slots for the "security product of the year" cathegory. The announcement was made public today, 2nd September 2015, and the actual decision on what is selected as the winner at a grand announcement banquet at Cafe Opera in central Stockholm.

Sysctl at "Rätt säkerhet" security conference

Sysctl is going to have a vendor booth at Rätt säkerhet 2015. At the booth we will have our security experts as well as display various products, including deaddrop and impex.

1.3 Release of deaddrop

A new version of deaddrop, version 1.3, have been released. The Release is available immediately for existing customers. Major new features in the new version includes: rebase on RedHat Enterprise Linux 7, better support for Single Sign-On (SSO) and AD support, better login and logout pages. Both SSO support and login pages was a direct result of customer requests for new features.

Sysctl is developing a new security product - Impex

On behalf of a major international corporation, Sysctl have developed a solution for handling USB sticks from a more secure perspective. The new product, impex can work as a stand-alone solution or as part of a networked solution.

Deaddrop and Sysctl in IDG article

This week, the national technology news outlet IDG covered the deaddrop product and the sysctl company in an article. Highligthning that deaddrop was born out of a necessity to exchange files with mortals that don't have PGP installed, and that using US based "free" services that either share you info, steal you info or at least dont protect it with their life, really isnt an option in many cases. To read the article, in swedish, follow this link.

sysctl sign a partner contract with enigio to develop a trusted timestamp plugin to deaddrop

Sysctl have signed an agreement with EnigioTime to develop a Trusted Timestamp plugin to deaddrop. The plugin will allow deaddrop users to have an extended audit trail of information that passes through deaddrop. EnigioTime have develop a technology that allows you obtain a timestamp of your information asset without reveling the actual content to the timestamping third party. This feature will be available at additional cost in an upcoming version of deaddrop.