Security Content on InfoQ
-
Tune Up Your Online Privacy with Clef
Clef is like a retina scan for your smart phone, which gives a whole new meaning to Retina Display. You can use Clef as an Open ID to log in from your smart phone only once to access many different web sites when online, rather than typing in your user ID and password for each web site.
-
S is for Security
Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing the scope of security audits to relevant system components only, or allowing security fixes to jump the queue of changes to production.
-
Oracle to Change the Release Numbering for Java SE
"To avoid the confusion caused by renumbering releases", Oracle has announced that it is adopting a new numbering scheme for JDK 5.0, JDK 6 and JDK 7. "The next Limited Update for JDK 7 will be numbered 7u40, and the next 3 CPUs after that will be numbered 7u45, 7u51, and 7u55."
-
Java Still Vulnerable, Despite Latest Patches
Just days after the latest fix, security researcher Adam Gowdiak has found another Java vulnerability. In addition, in the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 has also begun circulating in the wild.
-
Layer 7 to be Merged with SiteMinder
Layer 7 Technologies has just been acquired by CA Technologies for the purpose of augmenting CA SiteMinder with Layer 7’s API Management & Security Suite. Layer 7 specializes in adding “access, security, SLA and management features” to existing service APIs.
-
MongoDB Gets Better Security, Text Search, Performance Improvements – What’s Next?
MongoDB 2.4 was recently released with new features such as Text Search, hash-based sharding, better geo-spatial capabilities with GeoJSON support and several performance and tooling improvements. We also talked with 10gen about what’s next on the roadmap.
-
Security Enhancements in Android 4.2.2
Android 4.2.2 includes security enhancements such as application verification, Always-on VPN, certificate pinning and installd hardening, along with a few other security fixes.
-
How to Keep Up to Date with Windows Security Guidelines
Windows Security is a hard problem. There are countless optional settings that can introduce security vulnerabilities, many of which are enabled by default. The documentation for these settings is scattered, with current articles freely mixed with out-of-date versions. One solution to this is the Microsoft Security Compliance Manager.
-
Kaspersky Labs Uncover Java Exploit in the Red October Malware
The investigating agency Kaspersky Labs uncovered in mid-January that the Red October attackers used the Rhino exploit in Java as an additional delivery vector.
-
Oracle Releases February Java Security Update Ahead of Schedule Dealing with 50 Flaws
Oracle has published a major security update for Java. The update was originally scheduled for February 19th, but was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers".
-
Oracle Will Stop Providing Security Updates for Java 6 Next Month
The last publicly available release of Java 6 is to be released on February 19th 2013. After that date all new security updates, patches, and fixes for both the runtime and SDK of Java SE 6 will only be available through My Oracle Support, and will therefore only be available to users with a commercial license with Oracle.
-
Oracle's Head of Security Promises to Fix Issues and Improve Communication
Following a spate of high-profile security issues, Oracle's head of Java Security, Milton Smith, is promising that the vendor will fix issues with the platform, and improve its communication to community members.
-
Oracle Releases Security Fix for Java 7
Oracle today released Java 7u11 with security fixes for remote code execution vulnerabilities related to escaping the applet sandbox through crafted reflection API calls. Read on to find out more about it, and how to find out if you are affected or not.
-
PhoneFactor Acquisition Enhances Security of Microsoft Applications with Multi Factor Authentication
Microsoft has recently acquired PhoneFactor, which provides multi-factor authentication by making use of the user's phone. According to official sources at Microsoft, this development will bring a new security mechanism to Microsoft products.
-
Fast Hashes Kill Cryptographic Security
Troy Hunt demonstrates how the password hashes provided by SqlMembershipProvider are vulnerable to brute force attacks and offers some remedies.