Proactively Monitor Configuration Changes with Tripwire

by Jonathan Allen on Oct 08, 2014

Most companies still manually track configuration changes using a wiki or spreadsheet. Only the most basic information, such as IP addresses, is included, as recording everything is just too tedious. Even knowing basic information such as who made the change is difficult and time-consuming. Tripwire seeks to eliminate this problem by proactively monitoring configuration changes.

Discover What Malware is Really Doing with FireEye

by Jonathan Allen on  Oct 08, 2014

Traditional signature-based anti-virus/malware software is suitable for home users, but not for corporations. As seen repeatedly in the news, targeted attacks against specific companies are becoming more and more common. To combat this threat, advanced threat detection techniques are needed.

CloudFlare Universal SSL - Free Web Security for All

by Chris Swan on Oct 08, 2014

CloudFlare has made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling SSL becomes a selection from a dropdown menu.

Major Update to Firebase Brings Rich Authentication Tokens

by James Chesters on  Oct 07, 2014

Firebase has this week announced major updates to its user authentication, including automatic session persistence, and rich authentication tokens for use in Security Rules.

Remote Code Exploitation through Bash

by Alex Blewitt on Sep 29, 2014

A remote exploit (CVE-2014-6271) has been discovered in bash that potentially affects any application that uses environment variables to pass data from unsanitised content, such as CGI scripts. After the release went public, other exploits were discovered (CVE-2014-7169). Official patches have been released to fix them. (Originally posted 24 September, updated 25, 26 and 29 September)

ShellShocked - Behind the Bug

by Alex Blewitt on Sep 29, 2014

The recent vulnerabilities in the Bash shell initially stemmed from a remote execution exploit, which was patched and made available through responsible disclosure before being announced. However, since the initial release, other flaws have been detected which became zero-day threats. What exactly was the problem with Shellshock, and is it truly fixed? InfoQ explains what happened.

Building Agile Relationships with Customers and End-Users

by Ben Linders on  Sep 11, 2014

Teams can become so focused that they forget the world around them and risk losing contact with stakeholders. This makes it difficult for them to know what their customers need and how end users will use their products. At the ASAS2014 conference Daisy Rasing-de Joode will show how successful agile teams create synergy by being interdependent and highly collaborative with their environment.

Chrome Sets SHA-1 Expiration Date

by Jeff Martin on  Sep 10, 2014

Google's Chrome web browser team has announced a schedule to deprecate the browser's support for HTTPS certificates that use SHA-1 signatures. Over the next 6 months the browser will show increasingly noticeable warnings for sites that still use SHA-1.

Refreshed AWS Trusted Advisor Offers Several Free Checks

by Steffen Opel on  Aug 31, 2014

Amazon Web Services (AWS) has recently integrated the AWS Trusted Advisor into the AWS Management Console and made four security and service limit checks available at no charge. Additional checks from the security, performance, fault tolerance and cost optimization categories remain part of their Business and Enterprise support tiers.

Data Encryption in Apache Hadoop with Project Rhino - Q&A with Steven Ross

by Abhishek Sharma on  Aug 14, 2014

Cloudera recently released an update on Project Rhino and data-at-rest encryption in Apache Hadoop. Project Rhino is an effort by Cloudera, Intel and the Hadoop community to bring a comprehensive security framework for data protection. InfoQ recently talked to Steven Ross from the Cloudera team to learn more about the project.

ASP.NET Two-Factor Authentication, Web And Mobile Tooling Improvements

by Roopesh Shenoy on  Aug 12, 2014

Visual Studio Update 3 was released last week and includes some framework and tooling improvements relevant to web and mobile developers. We go through some of these, including the ASP.NET identity update supporting two-factor authentication, new Visual Studio-Azure integrations as well as several updates to the Apache Cordova Tooling preview.

Maven Central Enables SSL

by Ben Evans on Aug 04, 2014

Responding to recent concerns that hackers could upload rogue versions of common libraries to Maven Central, Sonatype has released a patch that closes a security vulnerability, enabling SSL by default.

AWS Expands Credential Lifecycle Management and Monitoring

by Steffen Opel on  Jul 29, 2014

AWS Identity and Access Management (IAM) recently expanded available password policy rules to enable self-service password rotation. A new credential report provides visibility into the AWS credentials security status. AWS also added logging of AWS Management Console sign-in events to AWS CloudTrail.

GitHub, BitBucket, Twitter and other Secure Services Affected on Mac OS X By Expired SSL Certificate

by Dio Synodinos on  Jul 27, 2014

On Saturday, July 26th, an intermediate certificate issued by DigiCert that was used by online services like GitHub, BitBucket, etc. expired. Since this certificate was widely cached in the keychains of many Mac OS X users, this expiration caused any connection via browser or API to raise certificate chain errors.

Nurturing a Culture for Continuous Learning

by Ben Linders on  Jul 24, 2014

Continuous learning supports agile adoption in enterprises. A culture change can be needed to enable and support continuous learning. There are several things that managers and agile coaches can do to establish and nurture a continuous learning culture.

InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.