Security Content on InfoQ

  • Mozilla Blocks Flash, Encourages HTML5 Adoption

    Mozilla is encouraging developers towards HTML5 and JavaScript and away from Flash, after it blocked the plugin in browsers amid security concerns. Following Adobe's advice that two critical vulnerabilities would potentially allow attackers to take control of affected systems, Mark Schmidt, Firefox's head of support, announced the move on Twitter.

  • Symantec Claims Zero Day Flash Vulnerability Likely to be Exploited

    Symantec is reporting that the zero-day vulnerability discovered (and weaponised) in the HackDay leak allows for remote code execution. Adobe will be updating Flash in the near future but disabling Flash may be the only solution at the moment.

  • Crossing the Chasm of Container Adoption in Production

    Only 38% of IT professionals use containers in production environments, according to a recent survey. ClusterHQ, which ran the survey of the current state of container usage and adoption, also concludes that 73% of respondents are running containers in a VM environment.

  • Developments in IT Project Management

    The demand for IT project managers is increasing. Agile methodologies support collaboration with distributed teams for creative problem solving. The Internet of Things, cloud, big data, and cyber security will continue to dominate the IT landscape. Project managers have to pioneer IoT initiatives, be prepared for the influx of data and ensure that deliverables from their projects are secure.

  • Password Manager LastPass Suffers Hacking Attack

    The web-based LastPass password management service has been hacked, according to the company, and as a result some user data, including email addresses and authentication hashes, was obtained by unknown assailants. The breach highlights the risks users take by storing all of their passwords in a centralized location.

  • SQL Server 2016: Row-Level Security

    A common criticism of SQL Server’s security model is that it only understands tables and columns. If you want to apply security rules on a row-by-row basis, you have to simulate it using stored procedures or table value functions, and then find a way to make sure there is no way to bypass them. With SQL Server 2016, that is no longer a problem.

  • SQL Server 2016: Always Encrypted

    SQL Server 2016 seeks to make encryption easier via its new Always Encrypted feature. This feature offers a way to ensure that the database never sees unencrypted values without the need to rewrite the application.

  • Google Introduces Smart Lock for Passwords

    Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.

  • Security Vulnerabilities in Docker Hub Images

    BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.

  • Netflix's FIDO Guards Against Security Incidents

    The Netflix team has released FIDO, an open source system for automatically analysing security events. Not to be confused with the FIDO Alliance, Netflix's platform stands for Fully Integrated Defense Operation. The platform's GitHub page describes FIDO as "an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware."

  • Serious Red Hat Linux Bug Affects Haswell-based Servers

    Users and administrators of Red Hat-based Linux distributions version 6.6 should plan to update their systems as soon as possible due to the presence of a significant bug that causes their systems to deadlock.

  • VENOM Vulnerability Threatens Several Major VM Hosts

    Users of the popular virtual machine tools Xen, KVM, VirtualBox, and QEMU are urged to patch their systems as soon as possible due to a newly found bug that exposes flaws in the code providing virtual floppy disk support. The VENOM vulnerability affects all operating systems that are hosting these environments.

  • Docker Security Benchmark

    Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post, ‘Understanding Docker Security and Best Practices’, by Diogo Mónica, who was recently hired along with Nathan McCauley to lead the Docker Security team.

  • Spring Security 4.0: WebSocket, Spring Data and Test Support

    The Spring Security team released Spring Security 4.0.0, adding several new features as well as more default security. Major themes include WebSocket Security, Spring Data integration, better testing support and the introduction of Spring Session as a new (Apache licensed) open source project.

  • Atlassian's Stash Data Center Offers High Availability and Scalability for Git

    Atlassian recently released Stash Data Center, a highly available and horizontally scalable deployment option for its on-premises source code and Git repository management solution Stash. New nodes can be added without downtime to provide active-active clustering and instant scalability.
