BT

AWS Simplifies Resource Access with VPC Endpoints, Initially Supporting S3

by Steffen Opel on  Aug 31, 2015

Amazon Web Services recently introduced VPC endpoints to enable a "private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect". VPC endpoint policies provide granular access control to other service's resources. Initially available are connections to S3, other services will be added later.

LinkedIn Release QARK to Discover Security Holes in Android Apps

by Abel Avram on  Aug 27, 2015

LinkedIn has recently open sourced QARK, a static analysis tool meant to discover potential security vulnerabilities existing in Android applications written in Java.

Docker 1.8 Release with Multiple New Tools

by Chris Swan on  Aug 24, 2015 1

Docker Inc have announced the release of Docker 1.8, which brings with it some new and updated tools in addition to new engine features. Docker Toolbox provides a packaged system aiming to be, ‘the fastest way to get up and running with a Docker development environment’. The most significant change to Docker Engine is Docker Content Trust, which provides image signing and verification.

Critical Flaw Allows Remote Code Execution on Internet Explorer

by Jeff Martin on  Aug 19, 2015

Microsoft has announced the presence of a critical flaw that exists in all versions of Internet Explorer, allowing for remote code execution. This flaw applies to all current Windows systems and should be patched as soon as possible.

First Zero-Day Java Vulnerability in Two Years

by Abraham Marín Pérez on  Aug 08, 2015

A zero-day vulnerability affecting sandboxed Java Web Start applications and sandboxed Java applets was recently announced, the first one for Java in nearly two years. Concerns that the vulnerability is already being exploited, together with the ease of exploitation, gave this vulnerability the highest CVSS risk score. Oracle has issued a patch and urges customers to upgrade as soon as possible.

Intel Multi-OS Engine Enables Porting Android Apps to iOS

by Sergio De Simone on  Aug 03, 2015

Intel has introduced a new feature for its Integrated Native Development Experience (INDE) called Multi-OS Engine that aims to make it easier for Java developers to port their Android apps to the iOS platform.

Android 'Stagefright' Vulnerabilty puts Millions at Risk

by James Chesters on  Aug 03, 2015 1

Google has moved quickly to reassure Android users following the announcement of a number of serious vulnerabilities. The Stagefright Media Playback Engine Multiple Remote Code Execution Vulnerabilities allow an attacker to send a media file over a MMS message targeting the device's media playback engine, responsible for processing several popular media formats.

Mozilla Blocks Flash, Encourages HTML5 Adoption

by James Chesters on  Jul 20, 2015

Mozilla is encouraging developers towards HTML5 and JavaScript and away from Flash, after it blocked the plugin in browsers amid security concerns. Following Adobe's advice that two critical vulnerabilities would potentially allow attackers to take control of affected systems, Mark Schmidt, Firefox's head of support, announced the move on Twitter.

Symantec Claims Zero Day Flash Vulnerability Likely to be Exploited

by Alex Blewitt on  Jul 08, 2015 1

Symantec is reporting that the zero-day vulnerability discovered (and weaponised) in the HackDay leak allows for remote code execution. Adobe will be updating Flash in the near future but disabling Flash may be the only solution at the moment.

AWS s2n: Open-source TLS Implementation in Less than 6,000 Lines

by Sergio De Simone on  Jul 01, 2015

Amazon Web Services has recently introduced s2n, short for “signal to noise”, an open-source implementation of the TLS/SSL protocols that aims to be “simple, small, fast, and with security as a priority”.

Crossing the Chasm of Container Adoption in Production

by Guillermo Beltri on  Jul 01, 2015 3

Only 38% of IT professionals use containers in production environments, according to a recent survey. ClusterHQ, which ran the survey of the current state of container usage and adoption, also concludes that 73% of respondents are running containers in a VM environment.

Developments in IT Project Management

by Ben Linders on  Jun 25, 2015 2

The demand for IT project managers is increasing. Agile methodologies support collaboration with distributed teams for creative problem solving. The Internet of Things, cloud, big data, and cyber security will continue to dominate the IT landscape. Project managers have to pioneer IOT initiatives, be prepared for the influx of data and ensure that deliverables from their projects are secure.

Password Manager LastPass Suffers Hacking Attack

by Jeff Martin on  Jun 17, 2015

The web-based LastPass password management service has been hacked according to the company, and the result is that some user data, including email addresses and authentication hashes were obtained by unknown assailants. The breach highlights the risks users take by storing all of their passwords in a centralized location.

SQL Server 2016: Row-Level Security

by Jonathan Allen on  Jun 17, 2015

A common criticism for SQL Server’s security model is that it only understands tables and columns. If you want to apply security rules on a row-by-row basis, you have to simulate it using stored procedures or table value functions, and then find a way to make sure there is no way to bypass them. With SQL Server 2016, that is no longer a problem.

SQL Server 2016: Always Encrypted

by Jonathan Allen on  Jun 16, 2015 3

SQL Server 2016 seeks to make encryption easier via its new Always Encrypted feature. This feature offers a way to ensure that the database never sees unencrypted values without the need to rewrite the application.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2015 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT