Security Content on InfoQ
-
Google Expands Its Confidential Computing Portfolio
In a recent blog post, Google announced the expansion of its Confidential Computing Portfolio with the addition of Confidential Google Kubernetes Engine (GKE) Nodes. Furthermore, the public cloud vendor will make Confidential Virtual Machines (VMs) publicly available.
-
Best Practices for Web Developers with Webhint - Rachel Simone Weil at OpenJS World
Rachel Simone Weil, product manager for the new Microsoft Edge’s developer tools, recently gave a talk at OpenJS World addressing how the webhint tool suite supports web developers in implementing best practices.
-
Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation
Supported by The Linux Foundation, the Open Source Security Foundation (OpenSSF) aims to create a cross-industry forum for a collaborative effort to improve open source software security. The list of initial members includes Google, Microsoft, GitHub, IBM, Red Hat, and more.
-
Gremlin Announces General Availability of Status Checks
Gremlin recently announced the general availability of Status Checks. This new feature automatically validates systems that are healthy and ready for running chaos experiments in production.
-
Microsoft Introduces the Azure Well-Architected Framework
In a recent blog post, Microsoft introduced the Azure Well-Architected Framework, which provides customers with a set of Azure architecture best practices to help them build and deliver well-designed solutions.
-
Twitter Hack Was Inside Job
Yesterday, a number of tweets were posted from a number of high-profile accounts advertising a 2-for-1 scam on Bitcoin. What happened and why? InfoQ investigates.
-
Hardware Attack Exposes nRF52 Debugger
A hardware bypass enables attackers to restore full debug capabilities in the nRF52 radio chipset, used in many consumer and medical devices. Fault injection re-enables debugging by attacking the silicon itself, so the flaw cannot be patched in software.
-
Disabling Google 2FA Doesn't Need 2FA
Attackers who compromised a developer's machine were able to use Safari auto-fill to log into passwords.google.com, disable 2FA and extract passwords without notification. InfoQ spoke to Amos (@fasterthanlime) on Twitter about his experience and advice for others who might find themselves in the same situation. Read on to find out what happened, and what you should do to protect your assets.
-
Security as a Product - a Coordination Game between DevOps and InfoSec
Kelly Shortridge, a product and strategy expert in information security, has described how security should be treated as a product. Analyzing the "we mindset" and game theory, she frames DevOps and InfoSec as a coordination game.
-
Elasticsearch 7.7 Brings Asynchronous Search, Secure Keystore and More
Elastic, the search company, has released Elasticsearch 7.7.0. This release introduces asynchronous search, a password-protected keystore, performance improvements on time-sorted queries, two new aggregates and the first release of packaging for the ARM (non-x86) platform.
-
WebAssembly: Building a Secure-by-Default Ecosystem - Lin Clark at WebAssembly Summit
Lin Clark, principal research engineer at Mozilla focusing on WebAssembly and Rust, discussed at the WebAssembly Summit the security challenges WebAssembly must address. Clark explained how the nano-process proposal strives to provide portable, secure-by-default WebAssembly modules.
-
Microsoft Announces the General Availability of DCsv2-VM from Azure Confidential Computing
Recently, Microsoft announced the general availability of DCsv2-series virtual machines (VMs). With these VMs, customers can deliver applications that protect data while in use.
-
DNSSEC Root KSK Ceremony 41 Taking Place on Thursday
The DNSSEC signing ceremony, which takes place as an in-person event every three months, will be a combined physical and virtual event on Thursday at 17:00 UTC. The signing of the next few months' keys for the DNSSEC root nameservers will take place, but not all of the keyholders will be physically present due to travel restrictions caused by COVID-19. Find out how the ceremony has been adapted.
-
jQuery 3.5 Released, Fixes XSS Vulnerability
Timmy Willison released jQuery 3.5, which fixes a cross-site scripting (XSS) vulnerability found in its HTML parser. The Snyk open source security platform estimates that 84% of all websites may be impacted by jQuery XSS vulnerabilities. jQuery 3.5 also adds missing methods for the positional selectors :even and :odd in preparation for the complete removal of positional selectors in jQuery 4.
-
Safari Blocks Third-Party Cookies by Default
Safari joins privacy-focused web browsers like Tor and Brave in blocking third-party cookies by default, a move aimed at taking a step forward in web privacy. Google will not support third-party cookie blocking by default for all Chrome users until 2022. Third-party cookie blocking by default may disable login fingerprinting and some cross-site request forgery attacks.