InfoQ Homepage Security Content on InfoQ
-
HashiCorp Vault 1.0 Open Sources Auto-Unseal, Adds Batch Tokens
HashiCorp has released version 1.0 of Vault, their secrets management tool that open-sources the auto-unseal feature needed to continue using Vault server after a failure or a restart. In this version, a new type of token called batch is now available for ephemeral workloads. Another new feature is that service account tokens are now supported in Kubernetes auth to inject tokens into a pod.
-
Building Human Interfaces with Artificial Intelligence
AI helps us to build human interfaces based on speaking and writing, instead of using a keyboard or mouse; it allows humans to stay human. The biggest challenges are finding ways to tell systems what answers are unsatisfactory to help them learn, be transparent in what data is recorded and retained, and ensure that diversity and inclusion is part of our training data to prevent bias in AI systems.
-
PortSmash is the Latest Side-Channel Attack Affecting Intel CPUs
Researchers have devised a new kind of timing attack to steal information from a different process running on the same core with SMT/hyper-threading enabled. By carefully measuring port contention delays when sending instructions to a shared core, the researchers could recover a private key from a different process. Intel CPUs are probably not the only ones affected.
-
British Airways Data Breach Conducted via Malicious JavaScript Injection
British Airways reports two substantial data breaches this year, initially reporting in September the compromise of 244,000 credit card transactions in August and September, and further disclosing in October another 185,000 transactions from April through July.
-
Google Releases New Security Features for Compute Engine: Resource-Level IAM and IAM Conditions
Google announced two new Cloud Identity and Access Management (IAM) features to help customers manage their security and access control in the Google Compute Engine better. These features are the resource-level IAM to set policies on individual resources, and IAM conditions to grant access based on predefined conditions.
-
Continuous Integration at Intel for the Mesa Graphics Library
Mesa CI is a continuous integration system at Intel for running builds and compliance test suites for the Mesa graphics library. It runs across more than 200 systems and runs tens of millions of tests per day.
-
MIT Researchers Propose DAWG Defense against Spectre and Meltdown
Security researchers from MIT claim to have devised a hardware solution to prevent cache timing attacks based on speculative execution, such as Spectre and Meltdown. Their approach, named Dynamically Allocated Way Guard (DAWG), splits the processor cache in variably-sized partitions to make it impossible for processes to snoop on other processes’ cache partitions.
-
GitHub Release Developer Workflow Tools: Actions, Suggested Changes & Security Alerts for .NET/Java
At GitHub Universe in San Francisco, GitHub announced a number of new tools to help developers make their workflows more effective, including Actions, Suggested Changes, Security Alerts for .NET and Java, and more.
-
Tim Berners-Lee Introduces "Solid" Decentralized Identity Platform
Solid is a new decentralized identity platform from WWW Creator Tim Berners-Lee. Solid provides a mechanism for users to own and better control the usage of their data.
-
New Git Submodule Vulnerability Patched
The Git community has disclosed a security vulnerability affecting the clone and submodule commands that could enable remote code execution when vulnerable machines access malicious repositories. The vulnerability, which has been assigned CVE–2018–17456 by Mitre, has been fixed in Git 2.19.1.
-
Implementing Privacy by Design in Hyperledger Indy
Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.
-
Microsoft Announces the General Availability of the Immutable Storage Functionality in Azure Storage
With the immutable storage, feature blobs will be non-erasable and non-modifiable for a specific retention interval. Now Microsoft announced that this new feature is generally available in all public Azure regions after its preview since June of this year.
-
Hyperledger Releases New Version of Burrow Featuring Improved Integration and Developer Experience
In a recent blog post, the Hyperledger open source project announced the next version of Burrow v.0.21.0. Within this release, organizations can expect improved integration, key-signing, helm charts for Kubernetes and developer experience.
-
Confluent Platform 5.0 Supports LDAP Authorization and MQTT Proxy for IoT Integration
Confluent Platform 5.0, the enterprise streaming platform built on Apache Kafka, supports LDAP authorization, Kafka topic inspection, and Confluent MQTT Proxy for Internet of Things (IoT) integration.
-
Compliance in an Agile World
Compliance is about making sure that you are doing the right thing and being able to prove it. With agile and frequent deliveries, you need to build compliance into the process of delivery. Making compliance obligation part of the thing that DevOps teams own increases the likelihood of success.