BT

Secrets Management with Chef-Vault

by João Miranda on  Jan 31, 2016

Secret management is a difficult problem in a distributed and scalable environment. Chef-vault is a Chef tool built on top of encrypted data bags that eliminates the need to share the decryption key with all users and nodes of an infrastructure.

Oracle to Deprecate Java Browser Plugin in 2017

by Charles Humble on  Jan 28, 2016

Oracle has announced that it will deprecate the Java browser plugin as part of the JDK 9 release now expected in 2017. The deprecated technology will be completely removed from the Oracle Java Development Kit (JDK) and Java Runtime Environment (JRE) in a future Java release, but Oracle is yet to indicate which one.

Critical Bug Affects OpenSSH Users

by Jeff Martin on  Jan 16, 2016

A critical bug has been revealed that affects users running OpenSSH. The bug affects both the OpenBSD specific version and the portable version used on Linux and several other operating systems. Patches and mitigations are available now.

Startup Afero Platform Addresses Internet of Things Communications Security

by Kevin Farnham on  Jan 13, 2016

Tech startup Afero has launched a new platform that addresses both hardware and software necessities for securely connecting the internet of things (IoT). The platform interfaces IoT devices with a secure Bluetooth smart module, which communicates with a mobile phone that interfaces with the Afero cloud. All communications between the Bluetooth smart module node and the cloud are encrypted.

AVG Plugin Exposes Chrome User Data

by Jeff Martin on  Dec 31, 2015

Anti-virus software vendor AVG has produced a plugin for Google Chrome that negates that browser's security settings, leaving users at risk of having their information stolen or possibly having their system compromised.

Clair Helps Secure Docker Images

by Manuel Pais on  Dec 30, 2015

Clair is an open-source container vulnerability scanner recently released by CoreOs. The tool cross-checks if a Docker image's operating system and any of its installed packages match any known insecure package versions. The vulnerabilities are fetched from OS-specific common vulnerabilities and exposures databases. Currently supported are Red Hat, Ubuntu, and Debian.

Postponing the Retirement of SHA-1

by Jeff Martin on  Dec 29, 2015

The need to retire SHA-1 faces obstacles with the access needs of users who have yet to upgrade. Facebook, Twitter, and CloudFlare have proposed an interim solution for users of these legacy devices.

Keeping Your Secrets Safe in a Distributed and Scalable Environment

by Rui Covelo on  Dec 28, 2015

At the Velocity Conference in Amsterdam, Alex Shoof explained how to manage secrets in a scalable and distributed environment. Shoof proposed a system based on five fundamental principles for secret management.

Container Manifests, Docker Labels, and the Implications on Security: A Q&A with Gareth Rushgrove

by Daniel Bryant on  Dec 15, 2015

At DockerCon EU 2015, InfoQ sat down with Gareth Rushgrove, a senior software engineer at Puppet Labs, and explored the concepts behind his conference presentation “Shipping Manifests, Bill of Lading and Docker”. The range of topics discussed included the benefits of system package management (manifest) metadata, the use of Docker labels, and the implications on security and compliance audits.

Google Cloud Security Scanner reaches General Availability

by Kent Weare on  Dec 05, 2015

On October 7, 2015 Google announced its App Engine security service, Google Cloud Security Scanner, has reached general availability. This past February, Google launched a beta version of this service.

Facebook's and Twitter's SDKs for Apple tvOS Enable Onboarding and Analytics

by Sergio De Simone on  Dec 03, 2015

Facebook and Twitter have released SDKs for Apple tvOS to provide support for onboarding, user verification, and analytics.

A Brief Introduction to Incident.MOOG with Rob Markovich

by Jonathan Allen on  Dec 03, 2015

Recently we caught up with Rob Markovich, CMO of Moogsoft, to talk about the new version of their early warning system, Incident.MOOG.

Security Release for DOS Vulnerability in Node.js

by James Chesters on  Dec 01, 2015

The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."

Introducing Amazon Inspector

by Kent Weare on  Nov 29, 2015

At the recent Re:Invent conference, Amazon announced a new security assessment and compliance service. The service is called Amazon Inspector and is currently in preview.

Docker Boosts Security on Containers

by Guillermo Beltri on  Nov 19, 2015

Docker Inc. has announced a new set of security enhancements at DockerCon EU, celebrated in Barcelona on 16-17th/Nov. These enhancements includes hardware signing of container images, content auditing through image scanning and vulnerability detection and granular access control policies with user namespaces.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2016 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT