Security Content on InfoQ
-
How to Keep Up to Date with Windows Security Guidelines
Windows Security is a hard problem. There are countless optional settings that can introduce security vulnerabilities, many of which are enabled by default. The documentation for these settings is scattered, with current articles freely mixed with out-of-date versions. One solution to this is the Microsoft Security Compliance Manager.
-
Kaspersky Labs Uncover Java Exploit in the Red October Malware
The investigating agency Kaspersky Labs uncovered in mid-January that the Red October attackers used the Rhino exploit in Java as an additional delivery vector.
-
Oracle Releases February Java Security Update Ahead of Schedule Dealing with 50 Flaws
Oracle has published a major security update for Java. The update was originally scheduled for February 19th, but was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers".
-
Oracle Will Stop Providing Security Updates for Java 6 Next Month
The last publicly available release of Java 6 is to be released on February 19th 2013. After that date all new security updates, patches, and fixes for both the runtime and SDK of Java SE 6 will only be available through My Oracle Support, and will therefore only be available to users with a commercial license with Oracle.
-
Oracle's Head of Security Promises to Fix Issues and Improve Communication
Following a spate of high-profile security issues, Oracle's head of Java Security, Milton Smith, is promising that the vendor will fix issues with the platform, and improve its communication to community members.
-
Oracle Releases Security Fix for Java 7
Oracle today released Java 7u11 with security fixes for remote code execution vulnerabilities related to escaping the applet sandbox through crafted reflection API calls. Read on to find out more about it, and how to find out if you are affected or not.
-
PhoneFactor Acquisition Enhances Security of Microsoft Applications with Multi Factor Authentication
Microsoft has recently acquired PhoneFactor, which provides multi-factor authentication by making use of the user's phone. According to official sources at Microsoft, this development will bring a new security mechanism to Microsoft products.
-
Fast Hashes Kill Cryptographic Security
Troy Hunt demonstrates how the password hashes provided by SqlMembershipProvider are vulnerable to brute force attacks and offers some remedies.
-
What if the LinkedIn Password Leak Was a Hoax?
Recently the major sites LinkedIn and eHarmony acknowledged that their password lists, but not the user names, were leaked and posted on the Internet. A third site, Last.fm, suspects they may have been compromised and are proactively resetting passwords. But what if it was a hoax? Would there be anything to gain from it?
-
Yahoo! Axis! Of! Incompetence!
Yahoo! have released a search plugin Axis which allows clients to search for web content with graphical previews rendered on the server. Unfortunately, they also leaked their private Chrome signing key with the Chrome extension. Read on for more.
-
Security vulnerabilities with HTML5 (WebSockets)?
Lori MacVittie recently raised concerns about WebSockets vulnerabilities to viruses and malware due to the removal of HTTP headers and MIME types. Given other reported security issues with the protocol and implementations, is it time to step back and consider what a world based on WebSockets should look like?
-
Secure Code Development: A Casualty With Agile?
Agile teams are known to produce reliable and high quality code quickly. However, it is also a fact that pressure to deliver quickly might result in short cut reviews, curtailed testing and lack of attention to secure code. Is secure development as good as wishful thinking with Agile?
-
SEI Publishes The CERT Guide to Insider Threats Book
What do ACTA, SEPA, PIPA, Stuxnet, and Google have in common? They have all been hot topics in the press during the last months, and they all deal with information security. What is commonly forgotten, however, are internal threats related to espionage and stealing of company information.
-
Hibernate 4.1 Released With Improved Auditing Support
JBoss releases Hibernate 4.1 with improvements to the Envers module that allow for finding the database revision responsible for a change in a specific audited property.