Development

GitHub Announces New Tools to Improve Developer Workflows

by Sergio De Simone on Oct 17, 2018

At GitHub Universe in San Francisco, GitHub announced a number of new tools to help developers make their workflows more effective, including Actions, Suggested Changes, Security Alerts for .NET and Java, and more.

Development

New Git Submodule Vulnerability Patched

by Sergio De Simone on Oct 10, 2018

The Git community has disclosed a security vulnerability affecting the clone and submodule commands that could enable remote code execution when vulnerable machines access malicious repositories. The vulnerability, which has been assigned CVE-2018-17456 by MITRE, has been fixed in Git 2.19.1.

Development

Checked C Extends LLVM to Bring Spatial Memory Safety to C

by Sergio De Simone on Sep 12, 2018

Checked C is an open, collaborative project led by Microsoft Research that aims to extend the C language so programmers can write more reliable programs free of errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts. Checked C code can coexist with code written in standard C to ease porting.

Development

Intel Discloses New Speculative Execution Vulnerability L1 Terminal Fault

by Sergio De Simone on Aug 17, 2018

Intel has disclosed a new speculative execution side channel vulnerability, dubbed L1 Terminal Fault, that could potentially leak information residing in the processor L1 data cache. Mitigations are already available, according to Intel, based on its latest Microcode Updates and corresponding updates to operating systems and hypervisor stacks.

DevOps

WhiteSource Launches Free Open Source Vulnerability Checking

by Helen Beal on Aug 10, 2018

WhiteSource, an open source security and license compliance management solution provider, has launched Vulnerability Checker, a new, free, standalone CLI tool that provides alerts on critical open source vulnerabilities.

Development

NetBSD 8.0 Brings Spectre V2/V4, Meltdown, and Lazy FPU Mitigations, and More

by Sergio De Simone on Jul 24, 2018

NetBSD 8.0, a major release of the BSD-based OS providing portability across many architectures, brings mitigations for the Spectre V2/V4, Meltdown, and Lazy FPU vulnerabilities, along with many new features and bug fixes.

Development

Spectre 1.1 and 1.2 Vulnerabilities Disclosed

by Sergio De Simone on Jul 15, 2018

Two new vulnerabilities exploiting flaws in CPU speculative execution have recently been disclosed. Dubbed Spectre 1.1 and 1.2, both are variants of the original Spectre (Spectre-v1) vulnerability and leverage speculative stores to create speculative buffer overflows, which can escape Spectre-v1 mitigations.

DevOps

DevSecOps Grows Up and Finds Itself a Community

by Helen Beal on Jul 06, 2018

On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.

Development

TLBleed Can Leak Cryptographic Keys from CPUs Snooping on TLBs

by Sergio De Simone on Jun 26, 2018

A new side-channel vulnerability affecting Intel processors, known as TLBleed, can leak information by snooping on Translation Look-aside Buffers (TLBs), writes VUSec security researcher Ben Gras.

Development

Lazy FP State Restore Vulnerability Affects Most Intel Core CPUs

by Sergio De Simone on Jun 18, 2018

Intel has disclosed a new vulnerability affecting most of its Core processors and making them targets for side-channel attacks similar to Spectre and Meltdown. The vulnerability, dubbed Lazy FP state restore (CVE-2018-3665), allows a process to infer the contents of FPU/MMX/SSE/AVX registers belonging to other processes.

Architecture & Design

Zip Slip Directory Traversal Vulnerability Impacts Multiple Java Projects

by Charles Humble on Jun 05, 2018

Security monitoring company Snyk has disclosed Zip Slip, an arbitrary file overwrite vulnerability exploited using a specially crafted ZIP archive that holds path traversal filenames. The vulnerability affects thousands of projects including AWS CodePipeline, Spring Integration, LinkedIn's Pinot, Apache/Twitter Heron, Alibaba JStorm, Jenkins, Gradle, and Google Cloud Platform.

Development

Git Vulnerability May Lead to Arbitrary Code Execution

by Sergio De Simone on Jun 03, 2018

A flaw in Git submodule name validation makes it possible for a remote attacker to execute arbitrary code on developer machines. Additionally, an attacker could get access to a portion of system memory. Both vulnerabilities have already been patched in Git 2.17.1, 2.16.4, 2.15.2, and other versions.

Development

VPNFilter Has Infected over 500,000 Routers Worldwide

by Sergio De Simone on May 30, 2018

Cisco security researchers have issued an advisory describing a sophisticated malware system, VPNFilter, that has targeted at least 500,000 networking devices in 54 countries.

Development

PGP and S/MIME Encrypted Email Vulnerable to Efail Attack

by Sergio De Simone on May 18, 2018

A group of German and Belgian researchers found that PGP and S/MIME are vulnerable to an attack that leaks the plaintext of encrypted emails. The Electronic Frontier Foundation confirmed the vulnerability and suggested using alternative means to exchange secure messages. Yet the vulnerability is not in PGP itself, according to GnuPG creator Werner Koch, who also said the EFF's comments were overblown.

Development

Intel Starts to Use GPUs for Malware Scanning

by Sergio De Simone on Apr 20, 2018

Intel has announced its new Threat Detection Technology (TDT), a set of silicon-based capabilities that use the processor's GPU to scan memory for malware. This will free the CPU from that task and help mitigate the impact of defending against Spectre and Meltdown.
