Security Content on InfoQ
-
The Cloud Trust Paradox According to Google Cloud
In a series of three technical articles, Google Cloud has recently discussed how to trust cloud providers, covering the concepts of customer trust, security key management and scenarios where keeping encryption keys off the cloud may be necessary.
-
Sandboxing and Other Measures to Harden iMessage on iOS and macOS
After being hit by a 0-click exploit in iMessage last year, Apple has been hard at work to improve the security of its platform. One of the major changes in iOS 14 is BlastDoor, a tightly sandboxed service responsible for parsing all untrusted messages, along with randomization of the shared cache region containing system libraries, and exponential throttling to counter brute-force attacks.
-
HashiCorp Announces Public Beta of HCP Vault
In a recent blog post, HashiCorp announced the public beta of HashiCorp Vault on its Cloud Platform (HCP). With Vault, customers can leverage a managed cloud service to provide them with secret management and encryption capabilities.
-
Sysdig: Container Security Shifting Left, Docker Usage Shrinking
Sysdig's 2021 container security and usage report highlights a trend for container security to shift left. Yet, many of the analyzed images are still lacking in basic security provisions.
-
AWS Introduces Nitro Enclaves, Isolated EC2 Environments for Confidential Computing
AWS has recently made available Nitro Enclaves, isolated EC2 environments to process confidential data. Based on a lightweight Linux OS, a Nitro Enclave is a hardened, attested and highly constrained virtual machine.
-
Cloudflare Releases a Cloud-Based Network-as-a-Service Solution: Cloudflare One
Cloudflare, an American web-infrastructure and website-security company, recently introduced a cloud-based network-as-a-service solution for the enterprise workforce called Cloudflare One. The solution provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers.
-
GitHub Code Scanning Is out of Beta
One year ago GitHub announced the acquisition of Semmle, maker of a semantic code analysis engine powered by the Semmle QL query language. After a few months in beta, GitHub is now announcing the availability of its new CodeQL-based code scanning capability for all public and private repos.
-
New COOP and COEP Cross-Origin Policies for Increased Security in Chrome and Firefox
In a recent talk at Google’s web.dev live, Eiji Kitamura addressed the new COOP and COEP policies that dictate how browsers handle cross-origin resources. The new opener (COOP) and embedder (COEP) policies set up a cross-origin isolated environment that protects against Spectre attacks while restoring powerful, previously disabled features (SharedArrayBuffer and more).
-
Google Expands Its Confidential Computing Portfolio
In a recent blog post, Google announced the expansion of its Confidential Computing Portfolio with the addition of Confidential Google Kubernetes Engine (GKE) Nodes. Furthermore, the public cloud vendor will make Confidential Virtual Machines (VMs) publicly available.
-
Best Practices for Web Developers with Webhint - Rachel Simone Weil at OpenJS World
Rachel Simone Weil, product manager for the new Microsoft Edge’s developer tools, recently gave a talk at OpenJS World addressing how the webhint tool suite supports web developers in implementing best practices.
-
Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation
Supported by The Linux Foundation, the Open Source Security Foundation (OpenSSF) aims to create a cross-industry forum for a collaborative effort to improve open source software security. The list of initial members includes Google, Microsoft, GitHub, IBM, Red Hat, and more.
-
Gremlin Announces General Availability of Status Checks
Gremlin recently announced the general availability of Status Checks. This new feature automatically validates systems that are healthy and ready for running chaos experiments in production.
-
Microsoft Introduces the Azure Well-Architected Framework
In a recent blog post, Microsoft introduced the Azure Well-Architected Framework, which provides customers with a set of Azure architecture best practices to help them build and deliver well-designed solutions.
-
Twitter Hack Was Inside Job
Yesterday, a number of tweets were posted from a number of high profile accounts advertising a 2-for-1 scam on Bitcoin. What happened and why? InfoQ investigates.
-
Hardware Attack Exposes nRF52 Debugger
A hardware bypass enables attackers to restore full debug capabilities in the nRF52 radio chipset, used in many consumer and medical devices. Fault injection re-enables debugging by attacking the silicon itself, so the flaw cannot be patched in software.