Security Content on InfoQ
-
Security Vulnerabilities in Docker Hub Images
BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.
-
Netflix's FIDO Guards Against Security Incidents
The Netflix team has released FIDO -- an open source system for automatically analysing security events. Not to be confused with the FIDO Alliance, Netflix's platform stands for Fully Integrated Defense Operation. The platform's GitHub describes FIDO as "an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware."
-
Serious Red Hat Linux Bug Affects Haswell-based Servers
Users and administrators of Red Hat-based Linux distributions version 6.6 should plan to update their systems as soon as possible due to the presence of a significant bug that causes their system to deadlock.
-
VENOM Vulnerability Threatens Several Major VM Hosts
Users of the popular virtual machine tools Xen, KVM, VirtualBox, and QEMU are urged to patch their systems as soon as possible due to a newly found bug that exposes flaws in the code providing virtual floppy disk support. The VENOM vulnerability affects all operating systems that are hosting these environments.
-
Docker Security Benchmark
Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security team.
-
Spring Security 4.0: WebSocket, Spring Data and Test Support
The Spring Security team released Spring Security 4.0.0, adding several new features as well as more default security. Major themes include WebSocket Security, Spring Data integration, better testing support and the introduction of Spring Session as a new (Apache licensed) open source project.
-
Atlassian's Stash Data Center Offers High Availability and Scalability for Git
Atlassian recently released Stash Data Center, a highly available and horizontally scalable deployment option for its on-premises source code and Git repository management solution Stash. New nodes can be added without downtime to provide active-active clustering and instant scalability.
-
Chrome 42 Disables NPAPI and Related Plug-ins: Java, Unity, Silverlight
As outlined in the NPAPI Deprecation Guide, Chrome 42, which was due this month and was recently released to the stable channel, has disabled support for the Netscape Plug-in API. The reason is that NPAPI “has become a leading cause of hangs, crashes, security incidents, and code complexity” and the intent was first announced in 2013.
-
Firefox 37 Brings Native Playback of HTML5 Video
Mozilla has released Firefox 37, bringing native playback of HTML5 video for Windows, and many security changes.
-
Lenovo Responds to Superfish Vulnerability
Lenovo has responded to the criticism of the Superfish software pre-loaded onto its computers with advice on how to remove the offending tool. But what was the issue, and why was it pre-loaded in the first place? InfoQ investigates. Meanwhile, Microsoft has pushed out a definition of Microsoft Defender to remove Superfish and its root certificate.
-
Atlassian Launches HipChat Server for Team Collaboration Behind the Firewall
Development and collaboration software vendor Atlassian recently launched HipChat Server, an on-premise version of its text, audio and video chat, file and screen sharing, as well as third party integration offering for team collaboration.
-
Android Developers Now Can Test WebView before It Is Released
Google has made Android WebView available as a standalone application for developers willing to test it.
-
Mobile Security and Team Collaboration: How to Combine It
Mobile devices often contain both personal and corporate data. When these devices use cloud services with an "always on" internet connection, the risk of security breaches increases, says Jeff Crume. An interview on mobile security threats, increasing adherence to security policies, using mobile devices to collaborate efficiently, effectively and securely, and deploying enterprise mobile security.
-
Amazon releases AWS Key Management Service
At their re:Invent 2014 show, Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. Additional support for Elastic Transcoder was added in late November.
-
Google Uses Machine Learning to Simplify CAPTCHA
Google has announced a new CAPTCHA API which provides a No CAPTCHA experience for most users.