InfoQ Homepage Cryptography Content on InfoQ
-
Microsoft Introduces Project Bletchley: A Modular Blockchain Fabric
On June 15th, Microsoft announced their vision for an open blockchain platform which will be powered by Azure. Microsoft is calling this initiative Project Bletchley, which focuses on providing the architectural building blocks for constructing an Enterprise Consortium Blockchain Ecosystem.
-
Postponing the Retirement of SHA-1
The need to retire SHA-1 faces obstacles with the access needs of users who have yet to upgrade. Facebook, Twitter, and CloudFlare have proposed an interim solution for users of these legacy devices.
-
Apple Open-sources Three Cryptographic Libraries
Apple has announced they have open sourced three major components in their OSes’ security subsystem. Apple’s announcement has spun some controversy due to the restrictive nature of the license used for one of the libraries.
-
GitHub Revoked Compromised and Unsecure SSH Keys
GitHub has recently started revoking SSH keys that were deemed to be compromised or otherwise insecure. Systems engineer Ben Cartwright-Cox was the author of the research that uncovered the issues. InfoQ has spoken with him.
-
ZeroDB Internals and End-To-End Database Encryption
In an article published in their blog, ZeroDB team explains how it works. ZeroDB is an end-to-end encrypted database, which means that the database server does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation
-
Chrome Sets SHA-1 Expiration Date
Google's Chrome web browser team has announced a schedule to deprecate support for how the browser handles HTTPS certificates using SHA-1 signatures. Over the next 6 months the browser will utilize increasingly noticeable warnings for sites that still use SHA-1.
-
LibreSSL, OpenSSL Replacement: The First 30 Days
LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.
-
Improving Node.js’ SSL Performance at PayPal
Trevor Livingston, a software engineer working for PayPal, has outlined in a recent post a number of suggestions to improve the outbound SSL performance of Node.js.
-
Lessons Learned from Apple's GoToFail Bug
The recent security weakness found in both iOS and OS X hints at flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies, and tools deployment. An overview.
-
Crypto Obfuscator for .Net v2013 R2 Adds Support for Code Masking and Constant Field Removal
Crypto Obfuscator for .Net v2013 R2 includes support for code masking, constant field removal, Visual Studio 2012. It also includes Linux and Mono support for automatic exception reporting service including several new additions, improvements, changes and bug fixes.
-
CryptoLicensing v2013 for .Net with Activation Console, Mono for Android Support
CryptoLicensing v2013 for .Net includes license service activation console, new methods, properties with support for Mono, Android platforms including several improvements and bug fixes.
-
ASP.NET Gets Better Cryptography
.NET 4.5 brings a lot of improvements in how Cryptography is handled within ASP.NET, with new APIs Protect and Unprotect and various under-the-hood changes. Levi Broderick explains the motivation, the changes and compatibility in a series of articles.
-
Advice for Securing Data in Windows Azure
In a recent MSDN article entitled Crypto Services and Data Security in Windows Azure, Jonathan Wiggs provides advice on securing data stored and processed through Windows Azure. InfoQ explored the topic in more detail to understand some of the security ramifications which come with deploying an application to the cloud.
-
Internet Security: an Interview with David Durham
David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.
-
JRuby Roundup: Ruby 1.8.7 Support, Android Support, Bcrypt-ruby
The JRuby team has added Ruby 1.8.7 compatibility to the current JRuby trunk. Android received some more attention with JRuby support for the Android Scripting Environment as well as a JRuby irb app. Also: the bcrypt-ruby library for hashing passwords is now available for JRuby, as well as Ruby 1.9.