InfoQ Homepage Information Security Content on InfoQ
-
Moving from Self-Doubt and Imposter Syndrome toward Seeing the Benefits of Diversity in Technology
As someone with a non technical background, Charu Bansal, has navigated the imposter syndrome in her career, often wondering what value she could bring to security. In her talk at The Diana Initiative 2021, she showed how having a diverse perspective helped her to solve challenging security problems as she pivoted from a non-technical career into information security.
-
How Quantifying Information Leakage Helps to Protect Systems
Information leakage happens when observable information can be correlated with a secret. Secrets such as passwords, medical diagnosis, locations, or financial data uphold a lot of our world, and there are many types of information, like error messages or electrical consumption patterns, that can give hints to these secrets.
-
Security as a Product - a Coordination Game between DevOps and InfoSec
Kelly Shortridge, a product and strategy expert in information security, has described how security should be treated as a product. Analyzing the "we mindset" and game theory she puts forth DevOps and InfoSec as a coordination game.
-
Facilitating Threat Modelling Remotely
ThoughtWorks' Jim Gumbley recently published a guide to Threat Modelling on Martinfowler.com with a template for facilitating remote and onsite sessions. He makes a case for continuous threat modelling within each iteration, alongside business stake-holders. Derek Handova has also written about removing friction from security through automation and a greater security focus in the SDLC.
-
Pandemic Shines Security Spotlight on Zoom Collaboration Risks
COVID-19 self-isolation has resulted in Zoom growing from 10m to 200m daily users. This has highlighted issues with Zoom's data privacy, security practices and meeting configurations. Bruce Schneier and other security commentators have provided insights into these issues. While governments and major companies have banned it, Zoom started a 90-day security hardening stint with former Facebook CSO.
-
Keeping Credentials Safe, Google Introduces Cloud Secret Manager
In a recent blog post, Google announced a new service, called Secret Manager, for managing credentials, API keys and certificates when using Google Cloud Platform. The service is currently in beta and the intent of this service is to reduce secret sprawl within an organization’s cloud deployment and ensure there is a single source of truth for managing credentials.
-
Database Access Misconfiguration Exposes 250M Customer Records at Microsoft
Comparitech security firm reported a major data breach at Microsoft that exposed 250 million customer records over a period of a couple of days. Microsoft said the leaked data, which did not include personally identifiable information, was not used maliciously.
-
ESP32 IoT Devices Vulnerable to Forever-Hack
A popular WiFi chip, ESP32, contains a security flaw that enables hackers to implant malware that can never be removed. The attack works by implanting code into eFuses, a chip feature that can only be configured once.
-
Microsoft Releases Azure Sentinel, a Cloud Native SIEM, to General Availability
In a recent blog post, Microsoft announced the general availability of Sentinel, a Security Information and Event Management (SIEM) service in Azure, providing customers with intelligent security analytics across their enterprise. With the GA of Azure Sentinel, Microsoft now enters the SIEM market.
-
Security Architecture Anti-Patterns by UK Government National Cyber Security Centre
The National Cyber Security Centre of the UK Government recently published a white paper on the six design anti-patterns that we should avoid when designing computer systems.
-
Robot Social Engineering: Brittany Postnikoff at QCon New York
At QCon New York, Brittany Postnikoff presented “Robot Social Engineering: Social Engineering Using Physical Robots”. Quoting findings from academic research literature, she demonstrated that humans can often be manipulated via robots. A core message of the talk was the need for security and privacy to be part of any robot's fundamental design.
-
Making Security More Intelligent, Microsoft Releases Azure Sentinel
In a recent blog post, Microsoft announced further investments to its intelligent security offerings in the form of a Security Information and Event Management (SIEM) product called Azure Sentinel. SEIMs are used by security professionals as a data store that is capable of aggregating security events from logs across a variety of systems, including servers, firewalls, routers and switches.
-
Implementing Privacy by Design in Hyperledger Indy
Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.
-
DevSecOps Grows Up and Finds Itself a Community
On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.
-
Microsoft Launches Azure Information Protection for Documents
Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.