Security Content on InfoQ
-
What Machine Learning Can Do for Security
Machine learning can be applied in various ways in security, for instance, in malware analysis, to make predictions, and for clustering security events. It can also be used to detect previously unknown attacks with no established signature.
-
Airbnb Open Sources Ottr: a Serverless Public Key Infrastructure Framework
Airbnb announced that it has open-sourced Ottr, a serverless public key infrastructure framework developed in-house. Ottr handles end-to-end certificate rotations without the use of an agent. Ottr's primary design goal is to be a scalable and configurable serverless framework on AWS with little operational overhead or reliance on enrollment protocols.
-
WICG Publishes New HTML Sanitizer API Proposal against mXSS Attacks
The Web Platform Incubator Community Group recently published the Draft Community Group Report for the HTML Sanitizer API. The HTML Sanitizer API lets developers take untrusted strings of HTML and sanitize those strings for safe insertion into a document’s DOM. The most common use case of HTML string sanitization is to prevent cross-site scripting (XSS) attacks.
-
GitHub to Phase out Support for Git Protocol, DSA Keys and Legacy SSH Algorithms
With a strong focus on keeping customer data as secure as possible, GitHub has decided to remove support for the unencrypted Git protocol, DSA keys and some legacy SSH algorithms. It is also adding requirements for newly added RSA keys and providing support for ECDSA and Ed25519 SSH host keys. These changes might affect only SSH and git:// users, while https:// users will be unaffected.
-
Moving from Self-Doubt and Imposter Syndrome toward Seeing the Benefits of Diversity in Technology
As someone with a non-technical background, Charu Bansal has navigated imposter syndrome in her career, often wondering what value she could bring to security. In her talk at The Diana Initiative 2021, she showed how having a diverse perspective helped her to solve challenging security problems as she pivoted from a non-technical career into information security.
-
Announcing General Availability of CIS Service Catalog and Reference Architecture 2.0
Gruntwork, an organization focused on creating reusable infrastructure code, announced the general availability of CIS Service Catalog and CIS Reference Architecture 2.0. Existing and future users of Gruntwork can now rapidly get started with a production-ready AWS technology stack and AWS services.
-
How Quantifying Information Leakage Helps to Protect Systems
Information leakage happens when observable information can be correlated with a secret. Secrets such as passwords, medical diagnoses, locations, or financial data uphold a lot of our world, and there are many types of information, like error messages or electrical consumption patterns, that can give hints about these secrets.
-
Microsoft Warns Customers about a Critical Vulnerability in Azure Cosmos DB
Azure Cosmos DB is a globally-distributed and fully-managed NoSQL database service. Recently, Microsoft warned thousands of its Cosmos DB customers of a vulnerability that exposes their data. A flaw in the service could grant a malicious actor access keys to steal, edit or delete sensitive data.
-
AWS Introduces Security Analytics Bootstrap to Perform Security Investigations
AWS recently announced Security Analytics Bootstrap, an open source framework to perform security investigations on AWS service logs using an Amazon Athena analysis environment.
-
Google Releases Its Certificate Authority Service into General Availability
The Google Cloud Certificate Authority Service (CAS) is a scalable service for managing and deploying private certificates via automation and managing public key infrastructure (PKI). Last month, Google announced the general availability (GA) of this service.
-
Microsoft Announces Public Preview of Bastion Standard SKU
Azure Bastion is a fully-managed Platform as a Service (PaaS) solution providing customers a secure way to connect to a virtual machine using a browser and the Azure portal. Recently, the company announced the public preview of the second Stock Keeping Unit (SKU), called Standard.
-
Adding Security to Testing to Enable Continuous Security Testing
Security experts can train teams to identify areas where security testing can be added to the test process and to add security checks as part of functional test automation. This can lead to continuous security testing, where security defects can be spotted at an early stage with higher security testing coverage in every release.
-
New Exploit Breaks Current Spectre Defenses; Fixes Hard without Performance Impact
Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre hardware exploit that can steal secrets via Intel/AMD micro-op caches and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed. Researchers say suggested fixes are inconvenient to deploy or have performance drawbacks.