
Google to remove support for SSL 3.0

by Alex Blewitt on Oct 14, 2014

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

Heartbleed’s Aftermath: OpenBSD Developers Start Purifying OpenSSL

by Jeff Martin on Apr 21, 2014

OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.

Heartbleed allows dumping client and server memory remotely

by Alex Blewitt on Apr 09, 2014

The recently disclosed Heartbleed bug allows a remote client to query the contents of a remote SSL server's memory when using vulnerable versions of OpenSSL, disclosing passwords and other secure credentials to eavesdroppers. Application sites like Yahoo! Mail and Amazon Web Services have been affected. Read on to find out more about what the bug entails, and what you should do.

Patterns and Anti-Patterns for Scalable and Available Cloud Architectures

by Jonathan Allen on Apr 02, 2014

More than anything else, architectural choices matter when designing a system with high scalability and availability. Using its Azure customers as an example, Microsoft talks about the patterns and anti-patterns it sees and how they affect the four facets of system architecture.

Continuous Security Testing With Gauntlt

by Manuel Pais on Nov 30, 2013

James Wickett, from the Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing into the continuous integration cycle for early feedback on an application's security level. James stressed the importance of checking security regularly as release delivery rates increase with continuous delivery.

Securing Docker and Containers

by Aslan Brooke on Sep 27, 2013

Jérôme Petazzoni, senior engineer at dotCloud, examined the state of Docker's security compared with other virtualization and container-like technologies in his recent blog post "CONTAINERS & DOCKER: HOW SECURE ARE THEY?". Jérôme makes a case for the techniques that secure Docker, while acknowledging that improvements are needed.

Tune Up Your Online Privacy with Clef

by Martin Monroe on Jun 29, 2013

Clef is like a retina scan for your smart phone, which gives a whole new meaning to Retina Display. You can use Clef as an OpenID to log in from your smart phone only once to access many different web sites, rather than typing in your user ID and password for each web site.

Derailed: Hackers Exploit Months Old Rails Flaw

by Jeff Martin on May 30, 2013

A months-old Ruby on Rails security flaw is now being exploited on systems where tardy patch deployment has left them vulnerable to malicious attackers.

Java Still Vulnerable, Despite Latest Patches

by Charles Humble on Apr 24, 2013

Just days after the latest fix, security researcher Adam Gowdiak has found another Java vulnerability. In addition, in the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 has also begun circulating in the wild.

ASP.NET Anti-Forgery Tokens With JSON Payloads

by Roopesh Shenoy on Oct 16, 2012

ASP.NET MVC has an AntiForgeryToken helper that allows you to detect and block CSRF attacks using user-specific tokens. However, when making primarily Ajax requests or using JavaScript frameworks such as Knockout and Backbone, which send JSON payloads, the approach needs to change a bit.

Another Week, Another Java Security Issue Found

by Charles Humble on Oct 04, 2012

Polish security start-up Security Explorations has found another hole that allows attackers to bypass critical security measures, affecting Java SE 5, 6 and 7 - the last eight years' worth of Java releases.

Oracle and Apple Struggle to Deal with Java Security Issues

by Charles Humble on Sep 12, 2012

Java has been in the news a lot recently thanks to a rather messy response to a high profile Java security issue, CVE-2012-4681, and a related set of vulnerabilities which target the Java browser plug-in.

GitHub Compromised by Mass Assignment Vulnerability

by Jonathan Allen on Mar 12, 2012

GitHub was recently compromised by a vulnerability in Ruby on Rails known as mass assignment. This vulnerability is thought to affect not only a large number of Ruby-based websites, but also those using ASP.NET MVC and other ORM-backed web frameworks.

Major Denial of Service Vulnerability Affects Most Web Servers

by Jonathan Allen on Jan 03, 2012

Security researchers Alexander Klink and Julian Wälde revealed a serious vulnerability that until recently affected the vast majority of web servers. The attack requires only a single HTTP request that is specially crafted to create hash code collisions in POST form data. When first discovered, this attack affected Python, Ruby, PHP, Java, and ASP.NET, but vendors have been working on patches.

IEEE’s Hans Karlsson Standards Award 2012 for Paul R. Croll

by Michael Stal on Dec 23, 2011

IEEE announced that the Hans Karlsson Standards Award 2012 has been given to Paul R. Croll for dedicated leadership of the IEEE Systems and Software Engineering Standards Committee, and for his diplomacy and collaboration in facilitating the development of a collection of high-quality standards.

InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.