BT

Cloudera Acquires Big Data Encryption Startup Gazzang

by Jérôme Serrano on  Jul 15, 2014

Hadoop distributor Cloudera pursued its strategy of securing the Hadoop ecosystem by acquiring last month the big data encryption and key management startup Gazzang. The deal will strengthen Cloudera's security offering and lead to the creation of a center of excellence for Hadoop security that will initially be fueled by Gazzang’s engineering team.

LibreSSL, OpenSSL Replacement: The First 30 Days

by Sergio De Simone on  May 19, 2014

LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.

Improving Node.js’ SSL Performance at PayPal

by Abel Avram on  Apr 17, 2014

Trevor Livingston, a software engineer working for PayPal, has outlined in a recent post a number of suggestions to improve the outbound SSL performance of Node.js.

Android 4.1.1 Vulnerable to Reverse Heartbleed

by Sergio De Simone on  Apr 15, 2014

Google announced last week that Android 4.1.1 is susceptible to the Heartbleed OpenSSL bug. While Android 4.1.1 is, according to Google, the only Android version vulnerable to Heartbleed, it remains in use in millions of smartphones and tablets. Android 4.1.1 devices have been shown to leak significant amount of data in a "reverse Heartbleed" attack.

Lessons Learned from Apple's GoToFail Bug

by Sergio De Simone on  Feb 28, 2014 5

The recent security weakness found in both iOS and OS X hints at flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies, and tools deployment. An overview.

Google Cloud SQL now Generally Available

by Chris Swan on  Feb 14, 2014

Google have announced general availability of their Cloud SQL service. At launch the service comes with automatic encryption of customer data, a 99.95% uptime SLA and support for databases up to 500GB in size.

Encrypting Files on Android with Facebook Conceal

by Abel Avram on  Jan 29, 2014 1

Facebook has open sourced Conceal, a set of Java APIs for file encryption and authentication on Android. Conceal uses a subset of OpenSSL’s algorithms and predefined options in order to keep the library smaller, currently being 85KB.

Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

by Jonathan Allen on  Nov 20, 2013

Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.

Crypto Obfuscator for .Net v2013 R2 Adds Support for Code Masking and Constant Field Removal

by Anand Narayanaswamy on  Jul 27, 2013

Crypto Obfuscator for .Net v2013 R2 includes support for code masking, constant field removal, Visual Studio 2012. It also includes Linux and Mono support for automatic exception reporting service including several new additions, improvements, changes and bug fixes.

CryptoLicensing v2013 for .Net with Activation Console, Mono for Android Support

by Anand Narayanaswamy on  Jan 27, 2013

CryptoLicensing v2013 for .Net includes license service activation console, new methods, properties with support for Mono, Android platforms including several improvements and bug fixes.

Orubase Version 1 with Project Wizard, SQLite and Encryption Support

by Anand Narayanaswamy on  Dec 08, 2012

Syncfusion has announced the availability of Orubase Version 1 which ships with Project Wizard, SQLite and Encryption Support.

Researchers Expose SSL Vulnerabilities in Libraries and Their Usage in Popular Non-Browser Services

by Jeevak Kasarkod on  Oct 31, 2012

A recent publication in the ACM CCS'12 proceedings titled "The Most Dangerous Code in the World:Validating SSL Certificates in Non-Browser Software" exposes critical vulnerabilities in the creation and usage of SSL libraries in non-browser applications. The lessons learnt and the ensuing recommendations to developers and testers are shared in this news item.

ASP.NET Gets Better Cryptography

by Roopesh Shenoy on  Oct 30, 2012

.NET 4.5 brings a lot of improvements in how Cryptography is handled within ASP.NET, with new APIs Protect and Unprotect and various under-the-hood changes. Levi Broderick explains the motivation, the changes and compatibility in a series of articles.

MoSH - The Mobile Shell

by Alex Blewitt on  May 04, 2012

The Mobile Shell takes a number of new approaches in providing shell connections for mobile and roaming clients.

Will SSL Collapse Under its Own Weight?

by Jean-Jacques Dubray on  Feb 02, 2011 6

Lori MacVittie from F5 Networks provided an analysis of the recent adoption of NIST SSL Deployment Guidelines by the US Government as of January 2011. Since all commercial certificate authorities now issue only 2048-bit keys, the capacity of a server to process SSL is severely impacted and invalidates the general belief that SSL is not computationally expensive.

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT