Tech startup Afero has launched a new platform that addresses both hardware and software necessities for securely connecting the internet of things (IoT). The platform interfaces IoT devices with a secure Bluetooth smart module, which communicates with a mobile phone that interfaces with the Afero cloud. All communications between the Bluetooth smart module node and the cloud are encrypted.
Anti-virus software vendor AVG has produced a plugin for Google Chrome that negates that browser's security settings, leaving users at risk of having their information stolen or possibly having their system compromised.
Clair is an open-source container vulnerability scanner recently released by CoreOs. The tool cross-checks if a Docker image's operating system and any of its installed packages match any known insecure package versions. The vulnerabilities are fetched from OS-specific common vulnerabilities and exposures databases. Currently supported are Red Hat, Ubuntu, and Debian.
The need to retire SHA-1 faces obstacles with the access needs of users who have yet to upgrade. Facebook, Twitter, and CloudFlare have proposed an interim solution for users of these legacy devices.
At the Velocity Conference in Amsterdam, Alex Shoof explained how to manage secrets in a scalable and distributed environment. Shoof proposed a system based on five fundamental principles for secret management.
At DockerCon EU 2015, InfoQ sat down with Gareth Rushgrove, a senior software engineer at Puppet Labs, and explored the concepts behind his conference presentation “Shipping Manifests, Bill of Lading and Docker”. The range of topics discussed included the benefits of system package management (manifest) metadata, the use of Docker labels, and the implications on security and compliance audits.
On October 7, 2015 Google announced its App Engine security service, Google Cloud Security Scanner, has reached general availability. This past February, Google launched a beta version of this service.
Facebook and Twitter have released SDKs for Apple tvOS to provide support for onboarding, user verification, and analytics.
Recently we caught up with Rob Markovich, CMO of Moogsoft, to talk about the new version of their early warning system, Incident.MOOG.
The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."
At the recent Re:Invent conference, Amazon announced a new security assessment and compliance service. The service is called Amazon Inspector and is currently in preview.
Docker Inc. has announced a new set of security enhancements at DockerCon EU, celebrated in Barcelona on 16-17th/Nov. These enhancements includes hardware signing of container images, content auditing through image scanning and vulnerability detection and granular access control policies with user namespaces.
Rising from the ashes of GigaOm the tribal gathering of cloud elders that is Structure has returned, and got off to a strong start with Battery Ventures' Adrian Cockcroft presenting on the State of the Cloud and Container Ecosystems. Cockcroft paid particular attention to the impact of containers, which wasn’t even a major discussion topic at the last Structure conference in 2013.
It has been announced that the popular and widely used libpng library has vulnerabilities that make applications that rely on it for PNG image support vulnerable to exploitation. System administrators and application developers should take heed to update their systems as soon as possible.
CONTENT IN THIS BOX
PROVIDED BY OUR SPONSOR
Introducing Intel® SGX - Hardware Assisted Security for the Application Layer.
Numecent, Bromium, and wolfSSL employ Intel® Software Guard Extensions (Intel® SGX) to create more secure, next-generation solutions.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.
Protect Application Code, Data, & Secrets from Attack.
CPU-enhanced Application Security Product Brief.
Learn more about the Intel SGX SDK, a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C/C++.