A New Look at Emprise Corporation

Emprise Corporation is currently embarked on a major rebranding effort, according to Graphic Designer Sergio Barrera.

“Branding” refers to the creation of an overall visual connection to a company and the services it provides. Our intensive search for an updated, just-right visual identity for the corporation itself and the products we provide also includes an image for marketing, recruitment, and Emprise’s logo. According to Mr. Barrera, “perceived value of a service or product is usually what people experience prior to actual value.” Just as people often “judge a book by its cover,” so, too, do they form an impression of a corporate entity based on their experience with that company. The company identity needs to reflect both the company’s perception of itself and the researched, avowed perception of employees and customers.

Compiling the results of a survey he created, Mr. Barrera notes that the most frequently expressed impressions of Emprise have been such things as “quality,” “reliability,” and “good service,” among others. He emphasizes that extensive research has been conducted in learning Emprise’s history, goals, products and services, employees, and customers: research leading to knowledge of how Emprise is perceived.

Mr. Barrera is currently working on sketches of several options that combine the way Emprise wishes to be seen with the way it is perceived into a single, coherent visual system. Each option is the product of the creative process itself, with time allotted for thinking and conceptualizing. He explains that the next month or two will involve evaluation by corporate principals and narrowing of the options, with a decision to be announced soon. Emprise’s web site will ultimately reflect his rebranding efforts, as will indeed every aspect of the company that can be expressed visually.

For more information please contact sales@emprisecorporation.com

9th Ship Added to Great Lakes Condition Monitoring Program

Emprise Corporation is proud to announce that, as part of our continuing commitment to Key Lakes, the M/V Great Republic becomes the ninth Great Lakes Fleet vessel submitted to the American Bureau of Shipping (ABS) for acceptance into its Continuous Survey Program.

Emprise Corporation, as an ABS-certified External Specialist for Condition Monitoring (CM), provided CM services to the M/V Great Republic that included machinery selection, nameplate data collection, test point installation, customized setup, data analyses, report submission, and follow-up with ABS to track the application process from submission through acceptance.

Condition Monitoring benefits the maritime industry through its early detection of machinery problems. Early detection maximizes vessel productivity, minimizes unscheduled downtime, minimizes the number of open and inspect repair routines, and increases machine service life.

Continuing vessel support services include quarterly analysis and annual crew training as well as thermographic surveys. As part of this service, Emprise Corporation provides the M/V Great Republic with the hardware, maintenance, and calibration services necessary for quarterly vibration data collection. Emprise has been providing these services to all vessels in the Great Lakes Fleet since 2001.

Emprise Corporation’s staff commands over 50 years’ experience in the commercial and maritime industries, experience that is readily available to design Condition Monitoring programs to suit the needs of any customer.

For more information please contact sales@emprisecorporation.com

ESTA Maintenance Release

OpenSSL Security Advisory [04 Jan 2012]
Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s.

DTLS Plaintext Recovery Attack (CVE-2011-4108):

Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de>and Michael Tuexen <tuexen@fh-muenster.de>for preparing the fix.</tuexen@fh-muenster.de></seggelmann@fh-muenster.de>

Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de>and Michael Tuexen <tuexen@fh-muenster.de>for preparing the fix.</tuexen@fh-muenster.de></seggelmann@fh-muenster.de>

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.

Double-free in Policy Checks (CVE-2011-4109):

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.

This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper <ekasper@google.com>of Google.</ekasper@google.com>

Affected users should upgrade to OpenSSL 0.9.8s.

OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS.

As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.

However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.

Thanks to Adam Langley <agl@chromium.org>for identifying and fixing this issue.</agl@chromium.org>

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.

Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577):

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.

Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with “enable-rfc3779”.

Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein <sra@hactrn.net>for fixing it.</sra@hactrn.net>

Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.

Invalid GOST parameters DoS Attack (CVE-2012-0027):

A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.

Only users of the OpenSSL GOST ENGINE are affected by this bug.

Thanks to Andrey Kulikov <amdeich@gmail.com>for identifying and fixing this issue.</amdeich@gmail.com>

Affected users should upgrade to OpenSSL 1.0.0f.


URL for this Security Advisory: http://www.openssl.org/news/secadv_20120104.txt

ESTA Maintenance Release

OpenSSL Security Advisory [18 Jan 2011]

DTLS DoS attack (CVE-2012-0050):

A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.

Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix.

Affected users should upgrade to OpenSSL 1.0.0g or 0.9.8t.


URL for this Security Advisory: http://www.openssl.org/news/secadv_20120118.txt

Agile Development at Emprise

Here at Emprise we have recently undertaken steps to properly organize and execute the Agile Development process known as Scrum.

The following are some basic Agile/Scrum tenets that we continually keep in mind during our development process:

  1. Individuals and interactions – Open communication between team members and customers is vitally important.
  2. Working software – We want our software to not just function, but to perform the job above expectations.
  3. Customer collaboration – Frequent input and communication helps us to create a high quality solution.
  4. Responding to change – Being flexible and open to the needs of our customers, rather than following a rigid and unchangeable development process.

With these tenets in mind we are constantly looking to have strong collaboration and input from both our customers and team. We believe in producing quality software while never allowing that to be an area that suffers as a result of the development process. Our beliefs diverge from the traditional iron triangle in development.

Traditional Iron Triangle:


Traditional Iron Triangle

Emprise Agile Iron Triangle:

Emprise Iron Triangle

Frequent software releases and the provision of high visibility into our work allow customers to give us frequent feedback on our projects and help us deliver a better product. Because we strongly believe in creating the highest quality products for our customers, this process was an ideal choice going forward at Emprise.

As we progress with our use of Scrum we will be using two different methods of tracking information. One is the digital use of the software VersionOne, which will help us provide clients with a window into the features that are being developed and the progress of our software. Locally, we will be using a large whiteboard system to help both the company and the development team visibly track our progress throughout the development process.

Emprise White Board:

Agile Board

The most important thing to keep in mind is that we do all this to give ourselves the ability and accountability for constant improvement. To incorporate strong communication, flexible development, and continual improvement, the Scrum methodology is a perfect fit for Emprise.

Emprise Delivers SEAS Vibration Analysis

Emprise Corporation delivers the first truly interactive web-based vibration analysis product to the US Military Sealift Command.

SEAS provides for the analysis of a vessels condition monitoring data by shipboard and or shore-side personnel. SEAS Vibration uses Emprise Javascript charts to provide interactive charting that rivals commercially-available client server applications.

For more information, please contact sales@emprisecorporation.com

Vibration Graph ImageVibration Graph Image

Emprise Corporation Delivers SEAS Oil Analysis

The second of several planned SEAS modules, SEAS Oil Analysis provides for the analysis and trending of lube oil variable data. Statistical alarm generation, advanced trending and historical analyst comments are the tip of the iceberg. SEAS provides for advanced engineering analysis of condition monitoring data. Combined with Emprise Corporation’s database replication design and Emprise Secure Transfer Agent it is now possible to receive and analyze shipboard engineering data in hours rather than days.

For more information please contact sales@emprisecorporation.com

Oil Graph ImageOil Graph ImageOil Graph Image