In an article published in their blog, ZeroDB team explains how it works. ZeroDB is an end-to-end encrypted database, which means that the database server does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation
Google has quietly introduced an app reviewing process that monitors new apps or updates for policy violations. This process uses automatic tools and sometimes human reviewers that add a few hours of delay in the publishing process.
Lenovo has responded to the criticism of the Superfish software pre-loaded onto its computers with advice on how to remove the offending tool. But what was the issue, and why was it pre-loaded in the first place? InfoQ investigates. Meanwhile, Microsoft has pushed out a definition of Microsoft Defender to remove Superfish and its root certificate.
Development and collaboration software vendor Atlassian recently launched HipChat Server, an on-premise version of its text, audio and video chat, file and screen sharing, as well as third party integration offering for team collaboration.
Google has made Android WebView available as a standalone application for developers willing to test it.
The analysis of competing hypotheses (ACH) method can be used to evaluate multiple competing hypotheses when investigating problems. The method mitigates cognitive biases that humans experience when exploring the causes of problems.
Shortly after releasing the AWS CloudTrail Processing Library (CPL), Amazon Web Services has also integrated AWS CloudTrail with Amazon CloudWatch Logs to enable alarms and respective "notifications from CloudWatch, triggered by specific API activity captured by CloudTrail". The implied support for monitoring JSON-formatted logs has recently been officially released as well.
Twitter has officially released Digits Login for Web, the latest interaction of Digits that extends the SMS-based login system to mobile app's sites powered by Digits.
Mobile devices often contain both personal and corporate data. When these devices use cloud services with an "always on" internet connection the risk of security breaches increases says Jeff Crume. An interview on mobile security threats, increasing adherence to security policies, using mobile devices to collaborate efficiently, effectively and secure, and deploying enterprise mobile security.
In a blog post on bad code and technical debt Steve Freeman described how Chris Matts came up with the metaphor of an unhedged call option for bad code. This post is being intensively discussed on Reddit and on Hacker News recently. InfoQ interviewed Steve and Chris about using metaphors for bad code and code smells, trade-offs and costs of low quality code, and responsibilities for code quality.
While many applications are now being sold through app stores, mid-sized and big-ticket software is still offered directly to customers via web sites. For these kinds of projects, out-of-band licensing is still a major concern. One way to manage licenses is via serial keys using libraries such as SKGL.
At their re:invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. Additional support for Elastic Transcoder was added in late November.
Google has announced a new CAPTCHA API which provides a No CAPTHA experience for most users.
The Java Community Process published details of JSR 375, a redesigned Java EE Security API that includes improvements for implementing security in a cloud environment.