Security Content on InfoQ

  • Hadoop Summit 2014 Day One - On the Path to Enterprise Grade Hadoop

    Hadoop Summit Day One report covers the important trends and changes from last year's summit. It also covers the important announcements of the day in relation to this year's trending topics. This report focuses on the platform specific innovations and announcements and not the broader partner ecosystem, which will be covered in the next few days.

  • LibreSSL, OpenSSL Replacement: The First 30 Days

    LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. After one month of work, it is time for a status update.

  • Docker Release Candidate for 1.0

    Docker version 0.11 has been released, which is the first release candidate for 1.0. The release doesn’t just focus on stability, and includes a number of new networking, security and administration features.

  • Heartbleed’s Aftermath: OpenBSD Developers Start Purifying OpenSSL

    OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.

  • Android 4.1.1 Vulnerable to Reverse Heartbleed

    Google announced last week that Android 4.1.1 is susceptible to the Heartbleed OpenSSL bug. While Android 4.1.1 is, according to Google, the only Android version vulnerable to Heartbleed, it remains in use in millions of smartphones and tablets. Android 4.1.1 devices have been shown to leak a significant amount of data in a "reverse Heartbleed" attack.

  • Rails 4.1 Improves Boot Time and Responsive Layouts

    Rails 4.1 can now preload your application to improve startup time and comes with improvements for Action Pack, Active Record, and Action Mailer.

  • Heartbleed allows dumping client and server memory remotely

    The recently disclosed Heartbleed bug allows a remote client to query the contents of a remote SSL server's memory when using vulnerable versions of OpenSSL, disclosing passwords and other secure credentials to eavesdroppers. Application sites like Yahoo! Mail and Amazon Web Services have been affected. Read on to find out more about what the bug entails, and what you should do.

  • HBase 0.98 Introduces Cell-based Security

    Apache released HBase 0.98 primarily addressing convergence with Apache Accumulo via cell-based security while resolving over 230 JIRA issues. These new security features are modeled after Accumulo.

  • Lessons Learned from Apple's GoToFail Bug

    The recent security weakness found in both iOS and OS X hints at flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies, and tools deployment. An overview.

  • Oracle Releases 144 Security Fixes, 36 for Java SE

    Oracle released their latest Critical Patch Update (CPU), containing 144 new security fixes across all product families, including 36 for Java SE.

  • Encrypting Files on Android with Facebook Conceal

    Facebook has open sourced Conceal, a set of Java APIs for file encryption and authentication on Android. Conceal uses a subset of OpenSSL’s algorithms and predefined options in order to keep the library smaller; it is currently 85KB.

  • Strengthening HTTP

    The recent Snowden revelations have impacted the IETF HTTP/2 Working Group and how the protocol should handle encryption, i.e., should it be mandated? Mark Nottingham, the Working Group chair, shares his thoughts on the discussions so far and gives a clue as to how he sees it being resolved given information so far. He concludes by asking anyone with an opinion to share it with the Working Group.

  • Android 4.4 KitKat and the Secret Key Factory

    With the introduction of Android 4.4, developers are being asked to change the way symmetric keys are generated from Unicode passphrases via the SecretKeyFactory.

  • Xen Project Releases 1.0 of Mirage OS

    Mirage OS is a ‘cloud operating system’ that seeks to avoid security vulnerabilities and bloat by facilitating the creation of single purpose virtual appliances. Applications are developed in the OCaml functional programming language and compiled into standalone ‘unikernels’ that run directly on the Xen hypervisor.

  • Firefox 26 Blocks Java

    Mozilla Firefox 26 now blocks all Java plug-ins by default due to security concerns but allows users to run such plug-ins if they want to.
