InfoQ Homepage Encryption Content on InfoQ
-
The Pillars of Future Cryptography at IBM
In a recent webinar, IBM summarized the latest advances in cryptographic technologies the company has been working on, including confidential cryptography, quantum-safe encryption, and fully homomorphic cryptography.
-
The Cloud Trust Paradox According to Google Cloud
In a series of three technical articles, Google Cloud has recently discussed how to trust cloud providers, covering the concepts of customer trust, security key management and scenarios where keeping encryption keys off the cloud may be necessary.
-
Five Years of Lets Encrypt
Five years ago, a non-profit organisation set up a public certificate authority, with the intent of enabling websites to become more secure by default through automated provisioning of TLS certificates. Five years later, and Lets Encrypt is putting together its own top-level root CA, which will be served by default next year - but some older Android versions won't be able to use it.
-
IBM Fully Homomorphic Encryption Toolkit Now Available for Linux
A few weeks after becoming available for macOS, iOS, and Android, the IBM Fully Homomorphic Encryption Toolkit can be now installed on various Linux distributions, including Ubuntu, Fedora, and CentOS for x86 platforms, and Ubuntu for IBM's own Z architecture.
-
IBM Fully Homomorphic Encryption Toolkit Now Available for MacOS and iOS
IBM's Fully Homomorphic Encryption (FHE) Toolkit aims to allow developers to start using FHE in their solutions. According to IBM, FHE can have a dramatic impact on data security and privacy in highly regulated industries by enabling computing directly on encrypted data.
-
Secure Multiparty Computation May Enable Privacy-Protecting Contact Tracing Solutions
The current COVID-19 pandemic has fueled several efforts to implement contact tracing apps, based on a number of different cryptographic approaches. InfoQ has spoken with HashiCorp principal product manager for cryptography and security Andy Manoske to learn more about Secure Multiparty Computation and how it can enable privacy-protecting analysis on private data from different sources.
-
TLS Improvements Backported to Java 8
Application Layer Protocol Negotiation is now available in Java 8, enabling software owners to communicate through HTTP/2 without a higher Java version.
-
Let's Encrypt is Revoking Three Million Certificates on March 4
Non-profit certificate authority Let's Encrypt, which provides X.509 certificates for TLS encryption at no charge, has announced it will revoke customer certificates today due to a bug in their Boulder CA software.
-
Keeping Credentials Safe, Google Introduces Cloud Secret Manager
In a recent blog post, Google announced a new service, called Secret Manager, for managing credentials, API keys and certificates when using Google Cloud Platform. The service is currently in beta and the intent of this service is to reduce secret sprawl within an organization’s cloud deployment and ensure there is a single source of truth for managing credentials.
-
Microsoft Extends Azure Security Center Capabilities to Partners, Adds Automation
At the recent Ignite conference, Microsoft announced several updates to their Azure Security Center offerings. These updates include enhanced cloud resource threat protection, Customer Lockbox extensions, the release of a Secure Code Analysis toolkit, additional support for Azure Disk Encryption, certificate management extensions, API automation and partner integrations.
-
NGINX Plus Release 18 Available with Support for Dynamic Certificate Loading
NGINX has released version 18 (R18) of NGINX Plus, their all-in-one load balancer, content cache, and web server. This release includes support for dynamic certificate loading, enhancements to their OpenID Connect implementation, and the ability to specify port ranges for virtual servers.
-
Adiantum Brings Disk Encryption to Low-End Smartphones
Adiantum is a new encryption algorithm for low-end smartphones, smartwatches, and other Android Pie devices that are too slow to use the Advanced Encryption Standard (AES) standard for storage encryption.
-
SaaS Platform for Managing Configurations Enters Private Beta
Config is a new SaaS offering for managing configuration files. Created by Bien David in 2017, the company looks to simplify how teams store and access configurations used by systems, apps, modules, environments, and server instances. InfoQ spoke to the team behind Config to learn more about how these problems are solved.
-
W3C Publishes DRM as a Recommendation
After a divided vote, the World Wide Web Consortium has adopted Encrypted Media Extensions as a full recommendation, formalizing closed-source Digital Rights Management into the specification. In response, the EFF has resigned from the W3C.
-
Stack Overflow Becomes HTTPS by Default
Nick Craver, architecture lead at StackOverflow, has published a blog announcing StackOverflow's migration to HTTPS. Some of the technical challenges along the way included supporting hundreds of domains, migrating URL’s, user generated content, and meeting the sites stringent performance requirements.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
Resources
How to Implement Zero Trust API Security
Level up security - Learn best practice for implementing a Zero Trust approach for APIs.
JWT Security Best Practices
Best practices for protecting your APIs from attacks and maintaining a high level of security of applications. Learn more.
CIAM vs IAM: What's the Difference?
Explore IAM and CIAM in terms of business requirements, behaviors, security and how they can work together. Learn more.
Curity Identity Server - Community Edition
Take the pain out of implementing OAuth and OpenID Connect, manage API access, secure apps and websites. Free to use.
