InfoQ Homepage Information Security Content on InfoQ
-
Security Architecture Anti-Patterns by UK Government National Cyber Security Centre
The National Cyber Security Centre of the UK Government recently published a white paper on the six design anti-patterns that we should avoid when designing computer systems.
-
Robot Social Engineering: Brittany Postnikoff at QCon New York
At QCon New York, Brittany Postnikoff presented “Robot Social Engineering: Social Engineering Using Physical Robots”. Quoting findings from academic research literature, she demonstrated that humans can often be manipulated via robots. A core message of the talk was the need for security and privacy to be part of any robot's fundamental design.
-
Making Security More Intelligent, Microsoft Releases Azure Sentinel
In a recent blog post, Microsoft announced further investments to its intelligent security offerings in the form of a Security Information and Event Management (SIEM) product called Azure Sentinel. SEIMs are used by security professionals as a data store that is capable of aggregating security events from logs across a variety of systems, including servers, firewalls, routers and switches.
-
Implementing Privacy by Design in Hyperledger Indy
Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.
-
DevSecOps Grows Up and Finds Itself a Community
On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.
-
Microsoft Launches Azure Information Protection for Documents
Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.
-
Apple Defends Encryption with TV Interview, Files Counter Lawsuit
Apple has responded to questions raised about its stance with the FBI and CEO Tim Cook has appeared on live TV to defend Apple's stance. They have now filed a lawsuit to have the FBI's case dismissed. InfoQ updates you with the latest on the subject.
-
Password Manager LastPass Suffers Hacking Attack
The web-based LastPass password management service has been hacked according to the company, and the result is that some user data, including email addresses and authentication hashes were obtained by unknown assailants. The breach highlights the risks users take by storing all of their passwords in a centralized location.
-
Splunk .conf2014 Keynote 1
At the opening keynote for Splunk .conf2014 we heard about GE Capital’s developer culture, Red Hat’s internal IT focus, and Coca-Cola’s “Data Lake” theory of information management.
-
Continuous Security Testing With Gauntlt
James Wickett, from Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing in the continuous integration cycle for early feedback on application security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.
-
HTC America Drops Ball on Mobile Security
Manufacturer HTC America affirmatively acknowledged Federal Trade Commission (FTC) charges that millions of its customers’ Android based mobile devices were using software with potentially serious security vulnerabilities. The leading mobile device making company was ordered to make a patch available before the end of March 2013 to all concerned parties.
-
Dynamic Access Control in Windows Server 2012
Dynamic Access Control is a set of features for Windows Server 2012 to manage authentication and authorization beyond Active Directory Groups. There are several components involved in this, the most notable being the ability evaluate expression-based ACLs against user and device claims.