BT

Introducing Amazon Inspector

by Kent Weare on  Nov 29, 2015

At the recent Re:Invent conference, Amazon announced a new security assessment and compliance service. The service is called Amazon Inspector and is currently in preview.

Docker Boosts Security on Containers

by Guillermo Beltri on  Nov 19, 2015

Docker Inc. has announced a new set of security enhancements at DockerCon EU, celebrated in Barcelona on 16-17th/Nov. These enhancements includes hardware signing of container images, content auditing through image scanning and vulnerability detection and granular access control policies with user namespaces.

Structure 2015 - State of the Cloud and Container Ecosystems

by Chris Swan on  Nov 19, 2015

Rising from the ashes of GigaOm the tribal gathering of cloud elders that is Structure has returned, and got off to a strong start with Battery Ventures' Adrian Cockcroft presenting on the State of the Cloud and Container Ecosystems. Cockcroft paid particular attention to the impact of containers, which wasn’t even a major discussion topic at the last Structure conference in 2013.

Vulnerability Discovered in libpng

by Jeff Martin on  Nov 18, 2015

It has been announced that the popular and widely used libpng library has vulnerabilities that make applications that rely on it for PNG image support vulnerable to exploitation. System administrators and application developers should take heed to update their systems as soon as possible.

Nexmo Verify SDK Touts Easy Phone Number-based Authentication

by Sergio De Simone on  Nov 17, 2015

Nexmo has announced the availability of its Verify SDK for iOS, Android, and JavaScript, which makes it possible to securely register and authenticate users based on their mobile phone numbers, Nexmo says.

Twistlock Announce General Availability of Container Security Suite

by Chris Swan on  Nov 10, 2015

Twistlock have announced the general availability of their Container Security Suite, along with a partnership with Google Cloud Platform that integrates Twistlock into Google Container Engine (GKE). The suite consists of a console to define policy, a registry scanner and a ‘Defender’that runs as a privileged container on each host.

Remotely Exploitable Java Zero Day Exploits through Deserialization

by Alex Blewitt on  Nov 07, 2015 8

According to a recent security analysis by Foxglove Security suggests that applications using deserialization may be vulnerable to a zero-day exploit. This includes libraries including OpenJDK, Apache Commons, Spring and Groovy. InfoQ investigates.

Apple Open-sources Three Cryptographic Libraries

by Sergio De Simone on  Oct 31, 2015

Apple has announced they have open sourced three major components in their OSes’ security subsystem. Apple’s announcement has spun some controversy due to the restrictive nature of the license used for one of the libraries.

Oracle Patches 154 New Security Vulnerabilities

by James Chesters on  Oct 27, 2015

Oracle have announced 154 new security vulnerabilities in its latest Critical Patch Update -- but says there is no indication that any of the most severe vulnerabilities have been successfully exploited “in the wild.”

Internet Security, TLS, and HTTP/2: A Q&A with ThoughtWorks’ Vuksanovic and Gibson

by Daniel Bryant on  Oct 24, 2015

InfoQ recently sat down with Marko Vuksanovic and Sam Gibson from ThoughtWorks, and asked about their recent study of TLS/HTTPS and HTTP/2 that was published in the ThoughtWorks P2 magazine. Both Vuksanovic and Gibson shared their expertise on a range of security-focused topics, including ubiquitous computing, the workings of TLS/HTTPS, certificate trust, and the security implications of HTTP/2.

Cambridge Study Analyzes State of Android Security

by Sergio De Simone on  Oct 22, 2015

Researchers at the University of Cambridge have carried through an extensive research to assess security across Android devices, Android versions, and years. Their findings show 87% of Android devices to be vulnerable on average over the last four years. InfoQ has spoken with Daniel Thomas, lead author of the study.

Firefox Will No Longer Support Plug-ins Except for Flash

by Abel Avram on  Oct 14, 2015 4

Mozilla has announced the end of NPAPI in Firefox by the end of 2016, the only plug-in continuing to be supported being Flash.

Splunk .conf 2015 Keynote

by Jonathan Allen on  Sep 22, 2015

Splunk opened their big data conference with an emphasis on “making machine data accessible, usable, and valuable to everyone”. This is a shift from their original focus: indexing arbitrary big data sources. Reasonably happy with their ability to process data, they want to ensure that developers, IT staff, and normal people have a way to actually use all of the data their company is collecting.

Symantec Accidentally Leaks Multiple Google SSL Certificates

by Jeff Martin on  Sep 21, 2015

Symantec’s Thawte unit admits that flawed internal practices allowed multiple Google SSL certificates to be released in an unauthorized manner.

Storing Secrets at Scale with HashiCorp's Vault: Q&A with Armon Dadgar

by Daniel Bryant on  Sep 09, 2015

After an informative presentation by Armon Dadgar at QCon New York that explored security requirements within modern production systems, InfoQ sat down with Dadgar and asked questions about HashiCorp’s Vault, an open source tool for managing secrets at scale.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2016 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT