BT

Password Manager LastPass Suffers Hacking Attack

by Jeff Martin on  Jun 17, 2015

The web-based LastPass password management service has been hacked according to the company, and the result is that some user data, including email addresses and authentication hashes were obtained by unknown assailants. The breach highlights the risks users take by storing all of their passwords in a centralized location.

SQL Server 2016: Always Encrypted

by Jonathan Allen on  Jun 16, 2015 3

SQL Server 2016 seeks to make encryption easier via its new Always Encrypted feature. This feature offers a way to ensure that the database never sees unencrypted values without the need to rewrite the application.

ZeroDB Internals and End-To-End Database Encryption

by Alex Giamas on  Apr 09, 2015

In an article published in their blog, ZeroDB team explains how it works. ZeroDB is an end-to-end encrypted database, which means that the database server does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation

Android Apps Are Now Reviewed by Tools and Humans

by Abel Avram on  Mar 17, 2015

Google has quietly introduced an app reviewing process that monitors new apps or updates for policy violations. This process uses automatic tools and sometimes human reviewers that add a few hours of delay in the publishing process.

Amazon CloudWatch Supports JSON Logs and Integrates AWS CloudTrail

by Steffen Opel on  Feb 12, 2015

Shortly after releasing the AWS CloudTrail Processing Library (CPL), Amazon Web Services has also integrated AWS CloudTrail with Amazon CloudWatch Logs to enable alarms and respective "notifications from CloudWatch, triggered by specific API activity captured by CloudTrail". The implied support for monitoring JSON-formatted logs has recently been officially released as well.

Amazon releases AWS Key Management Service

by Chris Swan on  Dec 05, 2014

At their re:invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. Additional support for Elastic Transcoder was added in late November.

AWS Releases CloudTrail Processing Library

by Steffen Opel on  Nov 15, 2014

Amazon Web Services (AWS) recently released the AWS CloudTrail Processing Library (CPL), a "Java client library that makes it easy to build an application that reads and processes CloudTrail log files in a fault tolerant and highly scalable manner".

Google to remove support for SSL 3.0

by Alex Blewitt on  Oct 14, 2014 7

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

CloudFlare Universal SSL - Free Web Security for All

by Chris Swan on  Oct 08, 2014 1

CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling SSL becomes a selection from a dropdown menu.

Refreshed AWS Trusted Advisor Offers Several Free Checks

by Steffen Opel on  Aug 31, 2014

Amazon Web Services (AWS) has recently integrated the AWS Trusted Advisor into the AWS Management Console and made four security and service limit checks available at no charge. Additional checks from the security, performance, fault tolerance and cost optimization categories remain part of their Business and Enterprise support tiers.

AWS Expands Credential Lifecycle Management and Monitoring

by Steffen Opel on  Jul 29, 2014

AWS Identity and Access Management (IAM) recently expanded available password policy rules to enable self-service password rotation. A new credential report provides visibility into the AWS credentials security status. AWS also added logging of AWS Management Console sign-in events to AWS CloudTrail.

AWS CloudTrail Expands Auditing of API Calls

by Steffen Opel on  Jun 25, 2014

Amazon Web Services (AWS) has considerably increased the number of services supported by AWS CloudTrail to cover the majority of the extensive AWS service portfolio. This now includes most compute and networking and all deployment and management services, thereby providing comprehensive end to end auditing of almost any changes to customer’s infrastructure.

Node Security Project Aims at Making Node.js More Secure

by Sergio De Simone on  Jun 25, 2014

Node Security Project has been quietly working at improving Node.js security for a few months now. The project has the goal of auditing Node.js existing module base to help "improve Node landscape and provide confidence to developers and enterprises about the state of security in Node.js land."

A Roundup of Cloudera Distribution Containing Apache Hadoop 5

by Alex Giamas on  Apr 18, 2014

Cloudera recently released the latest version of its software distribution, CDH5. Almost 20 months after the last major version, CDH4 seems like ages in the Big Data world. We take a look at new features this release brings and the future direction of Cloudera after the latest round of investment from Intel and Google Ventures.

Heartbleed allows dumping client and server memory remotely

by Alex Blewitt on  Apr 09, 2014 1

The recently disclosed Heartbleed bug allows a remote client to query the contents of a remote SSL server's memory when using vulnerable versions of OpenSSL, disclosing passwords and other secure credentials to eavesdroppers. Application sites like Yahoo! Mail and Amazon Web Services have been affected. Read on to find out more about what the bug entails,and what you should do.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2015 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT