InfoQ Homepage Security Content on InfoQ
-
.NET 4.6.2 Preview Brings Security and WPF Features
While most of the attention is on .NET Core, work continues on the original .NET Framework. Recently released as a preview, version 4.6.2 is primarily focused on security and WinForms/WPF related features.
-
NPM Worm Vulnerability Disclosed
The NPM project has formally acknowledged a long-standing security vulnerability in which it is possible for malicious packages to run arbitrary code on developer's systems, leading to the first NPM created worm. With the recent problems with NPM, is it safe to use any more? InfoQ investigates.
-
Apple and FBI Court Appearance Postponed
The court appearance between Apple and the FBI, originally scheduled for later today, has been postponed a week until after Easter, following a request from the FBI to defer.
-
All Things Containers From Solaris Zones to Docker
InfoQ's Rags Srinivas caught up with Bryan Cantrill a day after the Containers Summit at New York City and discussed all things containers from Solaris Zones to Docker.
-
Apple, FBI Testify before Congress
Apple and the FBI have appeared before the House Committee on the Judiciary Hearings to argue over the legalities of whether Apple should be compelled to create an insecure version of iOS to allow the FBI to break into a suspect's phone. InfoQ has been watching the live video stream and summarises the outcome.
-
Apple Defends Encryption with TV Interview, Files Counter Lawsuit
Apple has responded to questions raised about its stance with the FBI and CEO Tim Cook has appeared on live TV to defend Apple's stance. They have now filed a lawsuit to have the FBI's case dismissed. InfoQ updates you with the latest on the subject.
-
Apple Backdoor iOS Case Develops
Apple continues to resist providing a backdoored version of iOS for the FBI, while technology companies come out in support of Apple's stance. Political candidates capitalise on the stance leading to polarised advice. InfoQ provides an update to the situation as it currently stands.
-
Secrets Management with Chef-Vault
Secret management is a difficult problem in a distributed and scalable environment. Chef-vault is a Chef tool built on top of encrypted data bags that eliminates the need to share the decryption key with all users and nodes of an infrastructure.
-
Startup Afero Platform Addresses Internet of Things Communications Security
Tech startup Afero has launched a new platform that addresses both hardware and software necessities for securely connecting the internet of things (IoT). The platform interfaces IoT devices with a secure Bluetooth smart module, which communicates with a mobile phone that interfaces with the Afero cloud. All communications between the Bluetooth smart module node and the cloud are encrypted.
-
AVG Plugin Exposes Chrome User Data
Anti-virus software vendor AVG has produced a plugin for Google Chrome that negates that browser's security settings, leaving users at risk of having their information stolen or possibly having their system compromised.
-
Postponing the Retirement of SHA-1
The need to retire SHA-1 faces obstacles with the access needs of users who have yet to upgrade. Facebook, Twitter, and CloudFlare have proposed an interim solution for users of these legacy devices.
-
Container Manifests, Docker Labels, and the Implications on Security: A Q&A with Gareth Rushgrove
At DockerCon EU 2015, InfoQ sat down with Gareth Rushgrove, a senior software engineer at Puppet Labs, and explored the concepts behind his conference presentation “Shipping Manifests, Bill of Lading and Docker”. The range of topics discussed included the benefits of system package management (manifest) metadata, the use of Docker labels, and the implications on security and compliance audits.
-
A Brief Introduction to Incident.MOOG with Rob Markovich
Recently we caught up with Rob Markovich, CMO of Moogsoft, to talk about the new version of their early warning system, Incident.MOOG.
-
Security Release for DOS Vulnerability in Node.js
The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."
-
Twistlock Announce General Availability of Container Security Suite
Twistlock have announced the general availability of their Container Security Suite, along with a partnership with Google Cloud Platform that integrates Twistlock into Google Container Engine (GKE). The suite consists of a console to define policy, a registry scanner and a ‘Defender’that runs as a privileged container on each host.