
Vulnerability Discovered in libpng

by Jeff Martin on  Nov 18, 2015

It has been announced that the popular and widely used libpng library has vulnerabilities that leave applications relying on it for PNG image support open to exploitation. System administrators and application developers should update their systems as soon as possible.

Remotely Exploitable Java Zero Day Exploits through Deserialization

by Alex Blewitt on  Nov 07, 2015

A recent security analysis by Foxglove Security suggests that applications using deserialization may be vulnerable to a zero-day exploit. This includes libraries such as OpenJDK, Apache Commons, Spring and Groovy. InfoQ investigates.

Cambridge Study Analyzes State of Android Security

by Sergio De Simone on  Oct 22, 2015

Researchers at the University of Cambridge have carried out extensive research to assess security across Android devices, Android versions, and years. Their findings show 87% of Android devices to be vulnerable on average over the last four years. InfoQ has spoken with Daniel Thomas, lead author of the study.

LinkedIn Release QARK to Discover Security Holes in Android Apps

by Abel Avram on  Aug 27, 2015

LinkedIn has recently open sourced QARK, a static analysis tool meant to discover potential security vulnerabilities existing in Android applications written in Java.

Critical Flaw Allows Remote Code Execution on Internet Explorer

by Jeff Martin on  Aug 19, 2015

Microsoft has announced the presence of a critical flaw that exists in all versions of Internet Explorer, allowing for remote code execution. This flaw applies to all current Windows systems and should be patched as soon as possible.

Symantec Claims Zero Day Flash Vulnerability Likely to be Exploited

by Alex Blewitt on  Jul 08, 2015

Symantec is reporting that the zero-day vulnerability discovered (and weaponised) in the HackDay leak allows for remote code execution. Adobe will be updating Flash in the near future but disabling Flash may be the only solution at the moment.

Security Vulnerabilities in Docker Hub Images

by Chris Swan on  May 29, 2015

BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.

Lenovo Responds to Superfish Vulnerability

by Alex Blewitt on  Feb 20, 2015

Lenovo has responded to the criticism of the Superfish software pre-loaded onto its computers with advice on how to remove the offending tool. But what was the issue, and why was it pre-loaded in the first place? InfoQ investigates. Meanwhile, Microsoft has pushed out a definition of Microsoft Defender to remove Superfish and its root certificate.

Google to remove support for SSL 3.0

by Alex Blewitt on  Oct 14, 2014

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

Heartbleed’s Aftermath: OpenBSD Developers Start Purifying OpenSSL

by Jeff Martin on  Apr 21, 2014

OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.

Heartbleed allows dumping client and server memory remotely

by Alex Blewitt on  Apr 09, 2014

The recently disclosed Heartbleed bug allows a remote client to query the contents of a remote SSL server's memory when using vulnerable versions of OpenSSL, disclosing passwords and other secure credentials to eavesdroppers. Application sites like Yahoo! Mail and Amazon Web Services have been affected. Read on to find out more about what the bug entails, and what you should do.

Patterns and Anti-Patterns for Scalable and Available Cloud Architectures

by Jonathan Allen on  Apr 02, 2014

More than anything else, architectural choices matter when designing a system with high scalability and availability. Using Azure customers as an example, Microsoft talks about the patterns and anti-patterns they see and how these affect the four facets of system architecture.

Continuous Security Testing With Gauntlt

by Manuel Pais on  Nov 30, 2013

James Wickett, from the Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing into the continuous integration cycle for early feedback on an application's security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.

Securing Docker and Containers

by Aslan Brooke on  Sep 27, 2013

Jérôme Petazzoni, senior engineer at dotCloud, examined the progress of Docker security compared with other virtualization and container-like technologies in his recent blog post "CONTAINERS & DOCKER: HOW SECURE ARE THEY?". Jérôme makes a case for the techniques that secure Docker, while acknowledging that improvements are needed.

Tune Up Your Online Privacy with Clef

by Martin Monroe on  Jun 29, 2013

Clef is like a retina scan for your smart phone, which gives a whole new meaning to Retina Display. You can use Clef as an Open ID to log in from your smart phone only once to access many different web sites when online, rather than typing in your user ID and password for each web site.
