Security Vulnerabilities in Docker Hub Images

by Chris Swan on  May 29, 2015 2

BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.

Delivering Value on Time by Using #NoEstimates

by Ben Linders on  May 21, 2015 2

Vasco Duarte suggests that people should experiment with #NoEstimates to learn and find ways in which it can help them to deliver value on time and under budget. He is writing a book on #NoEstimates in which he explains why estimation does not work and how you can use #NoEstimates to manage projects.

Netflix's FIDO Guards Against Security Incidents

by James Chesters on  May 19, 2015

The Netflix team has released FIDO -- an open source system for automatically analysing security events. Not to be confused with FIDO Alliance, Netflix's platform stands for Fully Integrated Defense Operation, the platform's Github describes FIDO as "an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware."

VENOM Vulnerability Threatens Several Major VM Hosts

by Jeff Martin on  May 19, 2015

Users of the popular virtual machine tools Xen, KVM, VirtualBox, and QEMU are urged to patch their systems as soon as possible due to a newly found bug that exposes flaws in the code providing virtual floppy disk support. The VENOM vulnerability affects all operating systems that are hosting these environments.

Docker Security Benchmark

by Chris Swan on  May 08, 2015

Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security team.

Spring Security 4.0: WebSocket, Spring Data and Test Support

by Matt Raible on  Apr 21, 2015

The Spring Security team released Spring Security 4.0.0, adding several new features as well as more default security. Major themes include WebSocket Security, Spring Data integration, better testing support and the introduction of Spring Session as a new (Apache licensed) open source project.

Atlassian’s Stash Data Center Offers High Availability and Scalability for Git

by Steffen Opel on  Apr 15, 2015 1

Atlassian recently released Stash Data Center, a highly available and horizontally scalable deployment option for its on-premises source code and Git repository management solution Stash. New nodes can be added without downtime to provide active-active clustering and instant scalability.

Chrome 42 Disables NPAPI and Related Plug-ins: Java, Unity, Silverlight

by Abel Avram on  Apr 15, 2015 5

As outlined in the NPAPI Deprecation Guide, Chrome 42, which was due this month and was recently released to the stable channel, has disabled support for the Netscape Plug-in API. The reason is that NPAPI “has become a leading cause of hangs, crashes, security incidents, and code complexity” and the intent was first announced in 2013.

Firefox 37 Brings Native Playback of HTML5 Video

by James Chesters on  Apr 13, 2015

Mozilla has released Firefox 37, bringing native playback of HTML5 video for Windows, and many security changes.

ZeroDB Internals and End-To-End Database Encryption

by Alex Giamas on  Apr 09, 2015

In an article published in their blog, ZeroDB team explains how it works. ZeroDB is an end-to-end encrypted database, which means that the database server does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation

Android Apps Are Now Reviewed by Tools and Humans

by Abel Avram on  Mar 17, 2015

Google has quietly introduced an app reviewing process that monitors new apps or updates for policy violations. This process uses automatic tools and sometimes human reviewers that add a few hours of delay in the publishing process.

Lenovo Responds to Superfish Vulnerability

by Alex Blewitt on  Feb 20, 2015

Lenovo has responded to the criticism of the Superfish software pre-loaded onto its computers with advice on how to remove the offending tool. But what was the issue, and why was it pre-loaded in the first place? InfoQ investigates. Meanwhile, Microsoft has pushed out a definition of Microsoft Defender to remove Superfish and its root certificate.

Atlassian Launches HipChat Server for Team Collaboration Behind the Firewall

by Steffen Opel on  Feb 17, 2015

Development and collaboration software vendor Atlassian recently launched HipChat Server, an on-premise version of its text, audio and video chat, file and screen sharing, as well as third party integration offering for team collaboration.

Android Developers Now Can Test WebView before It Is Released

by Abel Avram on  Feb 17, 2015

Google has made Android WebView available as a standalone application for developers willing to test it.

Exploring the Causes of Problems with the Analysis of Competing Hypothesis Method

by Ben Linders on  Feb 13, 2015

The analysis of competing hypotheses (ACH) method can be used to evaluate multiple competing hypotheses when investigating problems. The method mitigates cognitive biases that humans experience when exploring the causes of problems.

General Feedback
Marketing and all content copyright © 2006-2015 C4Media Inc. hosted at Contegix, the best ISP we've ever worked with.
Privacy policy