How Apple's Intelligent Tracking Prevention in Safari Works
The latest release of Apple’s web browser, Safari 12, will provide “Intelligent Tracking Prevention” (ITP) 2.0, which aims to reduce the ability of third-parties to track web users via cookies and other methods.
Privacy and Security a Top Priority in macOS Mojave and Safari 12
At their annual Developer Conference WWDC Apple previewed macOS Mojave, the latest version of the company’s desktop operating system, and Safari 12, the updated web browser. Apple has stated that enhanced privacy and security are a top priority with these releases.
The Lowdown on Face Recognition Technology
Facial recognition is a direct application of machine learning that is being deployed far and wide to consumers, in the industry and to law enforcement agencies with potential benefits in our daily lives as well as serious concerns for privacy. facial recognition models show above human performances but real world implementation remains problematic for some applications.
Zip Slip Directory Traversal Vulnerability Impacts Multiple Java Projects
Security monitoring company Snyk has disclosed Zip Slip, an arbitrary file overwrite vulnerability exploited using a specially crafted ZIP archive that holds path traversal filenames. The vulnerability affects thousands of projects including AWS CodePipeline, Spring Integration, LinkedIn's Pinot, Apache/Twitter Heron, Alibaba JStorm, Jenkins, Gradle, and Google Cloud Platform.
Package Containing Malicious Backdoor Makes its Way into NPM
The NPM security team removed a package masquerading as a cookie parser that actually contained a malicious backdoor, along with three other packages depending on it. The backdoor allowed attackers to inject arbitrary code into a running server and execute it.
Twitter Passwords May Be Compromised, Could Be One of the Largest Data Breaches in History
On May 3 Twitter announced that they had uncovered and fixed a bug that had resulted in users' passwords being stored in plaintext. No information has been released on how many users were affected, and all users are being recommended to change their passwords. If all users were in fact compromised, this would be the one of the largest known data breaches in history.
Securing IoT Devices with Microsoft's Azure Sphere
To improve security of IoT devices, Microsoft announced Azure Sphere, an end-to-end solution for Internet-connected microcontrollers (MCUs). Azure Sphere has a three-layer architecture based on hybrid microcontrollers running a new IoT-optimized Linux kernel and leveraging a cloud-based security service. The first Azure Sphere chip, the MT3620, is developed by MediaTek Inc.
Google’s New Cloud Security Tools Increase DDOS Protection, Transparency and Usability
Recently, Google introduced several new cloud-focused security enhancements for the Google Cloud Platform (GCP). These enhancements include new services like Cloud Security Command Center (Cloud SCC), Google Cloud Armor, VPC Service Controls, and a few new features for G Suite administrators. Furthermore, these enhancements are a part of Google’s investment in their cloud platform.
Q&A with Marisa Fagan on Security Championship
Security lead Marisa Fagan recently spoke at QConLondon 2018 about upskilling and elevating engineering team members into the role of Security Champions. We catch up with Fagen and report on her efforts to address contention caused by a scarcity of security professionals.
SaaS Platform for Managing Configurations Enters Private Beta
Config is a new SaaS offering for managing configuration files. Created by Bien David in 2017, the company looks to simplify how teams store and access configurations used by systems, apps, modules, environments, and server instances. InfoQ spoke to the team behind Config to learn more about how these problems are solved.
Blockchain and Smart Contracts in a Business Process
Buying something through an internet portal, for example a car, normally involves two parties who don’t trust each other; a buyer and a seller. The portal is just a broker so either the buyer must transfer money before getting the ordered item, or the seller must send the item before getting the money. To overcome this lack of mutual trust, Bernd Rücker claims that a blockchain can be used.
Last Npm Incident Uncovers Security Vulnerability
Last week, the npm registry had an operations incident that caused a number of highly depended on packages, such as require-from-string, to become unavailable. While the incident was relatively straightforward to solve, it uncovered a major security vulnerability that could have been exploited to inject malicious code in projects using npm.
Intel Joins the Race for Quantum Supremacy with a 49-Qubit Chip
At CES 2018, Intel CEO Brian Krzanich announced Intel successfully built a 49-qubit chip, which aims to allow researchers to improve error correction techniques and simulate computational problems.
Intel Found That Spectre and Meltdown Fix Has a Performance Hit of 0-21%
Microsoft, Red Hat and Intel have published their performance evaluation of the impact Meltdown and Spectre mitigation has on various systems.
Redpoint Games Launch NPM Package Signing Tool
Redpoint has launched pkgsign, a package signing and verification tool for NPM. It aims to improve security by helping ensure the authenticity of packages which are uploaded and downloaded from the NPM registry.
