InfoQ Homepage Security Content on InfoQ
-
Building Human Interfaces with Artificial Intelligence
AI helps us to build human interfaces based on speaking and writing, instead of using a keyboard or mouse; it allows humans to stay human. The biggest challenges are finding ways to tell systems what answers are unsatisfactory to help them learn, be transparent in what data is recorded and retained, and ensure that diversity and inclusion is part of our training data to prevent bias in AI systems.
-
Implementing Privacy by Design in Hyperledger Indy
Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.
-
Hyperledger Releases New Version of Burrow Featuring Improved Integration and Developer Experience
In a recent blog post, the Hyperledger open source project announced the next version of Burrow v.0.21.0. Within this release, organizations can expect improved integration, key-signing, helm charts for Kubernetes and developer experience.
-
Confluent Platform 5.0 Supports LDAP Authorization and MQTT Proxy for IoT Integration
Confluent Platform 5.0, the enterprise streaming platform built on Apache Kafka, supports LDAP authorization, Kafka topic inspection, and Confluent MQTT Proxy for Internet of Things (IoT) integration.
-
How Apple's Intelligent Tracking Prevention in Safari Works
The latest release of Apple’s web browser, Safari 12, will provide “Intelligent Tracking Prevention” (ITP) 2.0, which aims to reduce the ability of third-parties to track web users via cookies and other methods.
-
Privacy and Security a Top Priority in macOS Mojave and Safari 12
At their annual Developer Conference WWDC Apple previewed macOS Mojave, the latest version of the company’s desktop operating system, and Safari 12, the updated web browser. Apple has stated that enhanced privacy and security are a top priority with these releases.
-
The Lowdown on Face Recognition Technology
Facial recognition is a direct application of machine learning that is being deployed far and wide to consumers, in the industry and to law enforcement agencies with potential benefits in our daily lives as well as serious concerns for privacy. facial recognition models show above human performances but real world implementation remains problematic for some applications.
-
Zip Slip Directory Traversal Vulnerability Impacts Multiple Java Projects
Security monitoring company Snyk has disclosed Zip Slip, an arbitrary file overwrite vulnerability exploited using a specially crafted ZIP archive that holds path traversal filenames. The vulnerability affects thousands of projects including AWS CodePipeline, Spring Integration, LinkedIn's Pinot, Apache/Twitter Heron, Alibaba JStorm, Jenkins, Gradle, and Google Cloud Platform.
-
Package Containing Malicious Backdoor Makes its Way into NPM
The NPM security team removed a package masquerading as a cookie parser that actually contained a malicious backdoor, along with three other packages depending on it. The backdoor allowed attackers to inject arbitrary code into a running server and execute it.
-
Twitter Passwords May Be Compromised, Could Be One of the Largest Data Breaches in History
On May 3 Twitter announced that they had uncovered and fixed a bug that had resulted in users' passwords being stored in plaintext. No information has been released on how many users were affected, and all users are being recommended to change their passwords. If all users were in fact compromised, this would be the one of the largest known data breaches in history.
-
Securing IoT Devices with Microsoft's Azure Sphere
To improve security of IoT devices, Microsoft announced Azure Sphere, an end-to-end solution for Internet-connected microcontrollers (MCUs). Azure Sphere has a three-layer architecture based on hybrid microcontrollers running a new IoT-optimized Linux kernel and leveraging a cloud-based security service. The first Azure Sphere chip, the MT3620, is developed by MediaTek Inc.
-
Google’s New Cloud Security Tools Increase DDOS Protection, Transparency and Usability
Recently, Google introduced several new cloud-focused security enhancements for the Google Cloud Platform (GCP). These enhancements include new services like Cloud Security Command Center (Cloud SCC), Google Cloud Armor, VPC Service Controls, and a few new features for G Suite administrators. Furthermore, these enhancements are a part of Google’s investment in their cloud platform.
-
Q&A with Marisa Fagan on Security Championship
Security lead Marisa Fagan recently spoke at QConLondon 2018 about upskilling and elevating engineering team members into the role of Security Champions. We catch up with Fagen and report on her efforts to address contention caused by a scarcity of security professionals.
-
Intel Found That Spectre and Meltdown Fix Has a Performance Hit of 0-21%
Microsoft, Red Hat and Intel have published their performance evaluation of the impact Meltdown and Spectre mitigation has on various systems.
-
Redpoint Games Launch NPM Package Signing Tool
Redpoint has launched pkgsign, a package signing and verification tool for NPM. It aims to improve security by helping ensure the authenticity of packages which are uploaded and downloaded from the NPM registry.