BT

Postponing the Retirement of SHA-1

by Jeff Martin on  Dec 29, 2015

The need to retire SHA-1 faces obstacles with the access needs of users who have yet to upgrade. Facebook, Twitter, and CloudFlare have proposed an interim solution for users of these legacy devices.

Keeping Your Secrets Safe in a Distributed and Scalable Environment

by Rui Covelo on  Dec 28, 2015

At the Velocity Conference in Amsterdam, Alex Shoof explained how to manage secrets in a scalable and distributed environment. Shoof proposed a system based on five fundamental principles for secret management.

Container Manifests, Docker Labels, and the Implications on Security: A Q&A with Gareth Rushgrove

by Daniel Bryant on  Dec 15, 2015

At DockerCon EU 2015, InfoQ sat down with Gareth Rushgrove, a senior software engineer at Puppet Labs, and explored the concepts behind his conference presentation “Shipping Manifests, Bill of Lading and Docker”. The range of topics discussed included the benefits of system package management (manifest) metadata, the use of Docker labels, and the implications on security and compliance audits.

Google Cloud Security Scanner reaches General Availability

by Kent Weare on  Dec 05, 2015

On October 7, 2015 Google announced its App Engine security service, Google Cloud Security Scanner, has reached general availability. This past February, Google launched a beta version of this service.

Facebook's and Twitter's SDKs for Apple tvOS Enable Onboarding and Analytics

by Sergio De Simone on  Dec 03, 2015

Facebook and Twitter have released SDKs for Apple tvOS to provide support for onboarding, user verification, and analytics.

A Brief Introduction to Incident.MOOG with Rob Markovich

by Jonathan Allen on  Dec 03, 2015

Recently we caught up with Rob Markovich, CMO of Moogsoft, to talk about the new version of their early warning system, Incident.MOOG.

Security Release for DOS Vulnerability in Node.js

by James Chesters on  Dec 01, 2015

The Node Foundation has announced vulnerabilities in versions of Node.js from v0.12.x through to v5.x "whereby an external attacker can cause a denial of service."

Introducing Amazon Inspector

by Kent Weare on  Nov 29, 2015

At the recent Re:Invent conference, Amazon announced a new security assessment and compliance service. The service is called Amazon Inspector and is currently in preview.

Docker Boosts Security on Containers

by Guillermo Beltri on  Nov 19, 2015

Docker Inc. has announced a new set of security enhancements at DockerCon EU, celebrated in Barcelona on 16-17th/Nov. These enhancements includes hardware signing of container images, content auditing through image scanning and vulnerability detection and granular access control policies with user namespaces.

Structure 2015 - State of the Cloud and Container Ecosystems

by Chris Swan on  Nov 19, 2015

Rising from the ashes of GigaOm the tribal gathering of cloud elders that is Structure has returned, and got off to a strong start with Battery Ventures' Adrian Cockcroft presenting on the State of the Cloud and Container Ecosystems. Cockcroft paid particular attention to the impact of containers, which wasn’t even a major discussion topic at the last Structure conference in 2013.

Vulnerability Discovered in libpng

by Jeff Martin on  Nov 18, 2015

It has been announced that the popular and widely used libpng library has vulnerabilities that make applications that rely on it for PNG image support vulnerable to exploitation. System administrators and application developers should take heed to update their systems as soon as possible.

Nexmo Verify SDK Touts Easy Phone Number-based Authentication

by Sergio De Simone on  Nov 17, 2015

Nexmo has announced the availability of its Verify SDK for iOS, Android, and JavaScript, which makes it possible to securely register and authenticate users based on their mobile phone numbers, Nexmo says.

Twistlock Announce General Availability of Container Security Suite

by Chris Swan on  Nov 10, 2015

Twistlock have announced the general availability of their Container Security Suite, along with a partnership with Google Cloud Platform that integrates Twistlock into Google Container Engine (GKE). The suite consists of a console to define policy, a registry scanner and a ‘Defender’that runs as a privileged container on each host.

Remotely Exploitable Java Zero Day Exploits through Deserialization

by Alex Blewitt on  Nov 07, 2015 8

According to a recent security analysis by Foxglove Security suggests that applications using deserialization may be vulnerable to a zero-day exploit. This includes libraries including OpenJDK, Apache Commons, Spring and Groovy. InfoQ investigates.

Apple Open-sources Three Cryptographic Libraries

by Sergio De Simone on  Oct 31, 2015

Apple has announced they have open sourced three major components in their OSes’ security subsystem. Apple’s announcement has spun some controversy due to the restrictive nature of the license used for one of the libraries.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2016 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT

We notice you’re using an ad blocker

We understand why you use ad blockers. However to keep InfoQ free we need your support. InfoQ will not provide your data to third parties without individual opt-in consent. We only work with advertisers relevant to our readers. Please consider whitelisting us.