BT

Mozilla Blocks Flash, Encourages HTML5 Adoption

by James Chesters on  Jul 20, 2015

Mozilla is encouraging developers towards HTML5 and JavaScript and away from Flash, after it blocked the plugin in browsers amid security concerns. Following Adobe's advice that two critical vulnerabilities would potentially allow attackers to take control of affected systems, Mark Schmidt, Firefox's head of support, announced the move on Twitter.

Symantec Claims Zero Day Flash Vulnerability Likely to be Exploited

by Alex Blewitt on  Jul 08, 2015 1

Symantec is reporting that the zero-day vulnerability discovered (and weaponised) in the HackDay leak allows for remote code execution. Adobe will be updating Flash in the near future but disabling Flash may be the only solution at the moment.

AWS s2n: Open-source TLS Implementation in Less than 6,000 Lines

by Sergio De Simone on  Jul 01, 2015

Amazon Web Services has recently introduced s2n, short for “signal to noise”, an open-source implementation of the TLS/SSL protocols that aims to be “simple, small, fast, and with security as a priority”.

Crossing the Chasm of Container Adoption in Production

by Guillermo Beltri on  Jul 01, 2015 3

Only 38% of IT professionals use containers in production environments, according to a recent survey. ClusterHQ, which ran the survey of the current state of container usage and adoption, also concludes that 73% of respondents are running containers in a VM environment.

Developments in IT Project Management

by Ben Linders on  Jun 25, 2015 2

The demand for IT project managers is increasing. Agile methodologies support collaboration with distributed teams for creative problem solving. The Internet of Things, cloud, big data, and cyber security will continue to dominate the IT landscape. Project managers have to pioneer IOT initiatives, be prepared for the influx of data and ensure that deliverables from their projects are secure.

Password Manager LastPass Suffers Hacking Attack

by Jeff Martin on  Jun 17, 2015

The web-based LastPass password management service has been hacked according to the company, and the result is that some user data, including email addresses and authentication hashes were obtained by unknown assailants. The breach highlights the risks users take by storing all of their passwords in a centralized location.

SQL Server 2016: Row-Level Security

by Jonathan Allen on  Jun 17, 2015

A common criticism for SQL Server’s security model is that it only understands tables and columns. If you want to apply security rules on a row-by-row basis, you have to simulate it using stored procedures or table value functions, and then find a way to make sure there is no way to bypass them. With SQL Server 2016, that is no longer a problem.

SQL Server 2016: Always Encrypted

by Jonathan Allen on  Jun 16, 2015 3

SQL Server 2016 seeks to make encryption easier via its new Always Encrypted feature. This feature offers a way to ensure that the database never sees unencrypted values without the need to rewrite the application.

GitHub Revoked Compromised and Unsecure SSH Keys

by Sergio De Simone on  Jun 11, 2015

GitHub has recently started revoking SSH keys that were deemed to be compromised or otherwise insecure. Systems engineer Ben Cartwright-Cox was the author of the research that uncovered the issues. InfoQ has spoken with him.

Microsoft Recommits to Providing SSH for Windows

by Jeff Martin on  Jun 04, 2015 1

The third time may be the charm as Microsoft has announced intentions to produce native SSH client and server tools for the Windows platform. Using OpenSSH as a starting point, Microsoft says their goals for the new toolset includes easier system management of both Windows and Linux systems.

Meeting Regulatory Demands with Agile Software Development

by Ben Linders on  Jun 04, 2015 1

InfoQ interviewed Jan van Moll about regulatory demands for software in healthcare, satisfying these demands with waterfall project or with a mix of waterfall and agile, and introducing agile in an R&D organization that needs to fulfill regulatory demands.

Google Introduces Smart Lock for Passwords

by Abel Avram on  Jun 02, 2015

Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.

Security Vulnerabilities in Docker Hub Images

by Chris Swan on  May 29, 2015 2

BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.

Delivering Value on Time by Using #NoEstimates

by Ben Linders on  May 21, 2015 2

Vasco Duarte suggests that people should experiment with #NoEstimates to learn and find ways in which it can help them to deliver value on time and under budget. He is writing a book on #NoEstimates in which he explains why estimation does not work and how you can use #NoEstimates to manage projects.

Netflix's FIDO Guards Against Security Incidents

by James Chesters on  May 19, 2015

The Netflix team has released FIDO -- an open source system for automatically analysing security events. Not to be confused with FIDO Alliance, Netflix's platform stands for Fully Integrated Defense Operation, the platform's Github describes FIDO as "an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware."

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2015 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT