Security Content on InfoQ
-
Oracle Releases Security Fix for Java 7
Oracle today released Java 7u11 with security fixes for remote code execution vulnerabilities related to escaping the applet sandbox through crafted reflection API calls. Read on to find out more about it, and how to check whether you are affected.
-
PhoneFactor Acquisition Enhances Security of Microsoft Applications with Multi Factor Authentication
Microsoft has recently acquired PhoneFactor, which provides multi-factor authentication by making use of the user's phone. According to official sources at Microsoft, this development will bring new security mechanisms to Microsoft products.
-
Fast Hashes Kill Cryptographic Security
Troy Hunt demonstrates how the password hashes provided by SqlMembershipProvider are vulnerable to brute force attacks and offers some remedies.
-
What if the LinkedIn Password Leak Was a Hoax?
Recently the major sites LinkedIn and eHarmony acknowledged that their password lists, but not the user names, were leaked and posted on the Internet. A third site, Last.fm, suspects it may have been compromised and is proactively resetting passwords. But what if it was a hoax? Would there be anything to gain from it?
-
Yahoo! Axis! Of! Incompetence!
Yahoo! has released a search plugin, Axis, which allows clients to search for web content with graphical previews rendered on the server. Unfortunately, they also leaked their private Chrome signing key with the Chrome extension. Read on for more.
-
Security vulnerabilities with HTML5 (WebSockets)?
Lori Macvittie recently raised concerns about WebSockets vulnerabilities to viruses and malware due to the removal of HTTP headers and MIME types. Given other reported security issues with the protocol and implementations, is it time to step back and consider what a world based on WebSockets should look like?
-
Secure Code Development: A Casualty With Agile?
Agile teams are known to produce reliable, high-quality code quickly. However, it is also a fact that pressure to deliver quickly might result in short-cut reviews, curtailed testing and a lack of attention to secure code. Is secure development with Agile no better than wishful thinking?
-
SEI Publishes The CERT Guide to Insider Threats Book
What do ACTA, SEPA, PIPA, Stuxnet and Google have in common? They have all been hot topics in the press during the last months, and they all deal with information security. What is commonly forgotten, however, is the insider threat: espionage and theft of company information from within.
-
Hibernate 4.1 Released With Improved Auditing Support
JBoss releases Hibernate 4.1 with improvements to the Envers module that allow for finding the database revision responsible for a change in a specific audited property.
-
Silverlight 5 Security: Designed for the Intranet
Silverlight was originally seen as a Flash killer, but Flash itself is being replaced by HTML5. It was also seen as a way of delivering cross-platform applications, but iOS made that a non-starter as well. Surprisingly, it is thriving in areas that were supposed to be the domain of WPF, such as internal business applications, and Silverlight 5’s updated security model reflects this.
-
Spring Security 3.1: Multiple http, Stateless, Debug, Crypto, HttpOnly, Custom form-login Params
SpringSource has released Spring Security 3.1.0. New features include multiple http elements, stateless option, debug element, Crypto module, HttpOnly, secure cookies, delete cookies on logout, CAS tickets, JAAS configuration, authentication-manager-ref, request-matcher-ref, authentication-details-source-ref, form-login username-parameter and password-parameter, and more.
-
IEEE’s Hans Karlsson Standards Award 2012 for Paul R. Croll
IEEE announced that the Hans Karlsson Standard Award 2012 has been given to Paul R. Croll for dedicated leadership of the IEEE Systems and Software Engineering Standards Committee, and for his diplomacy and collaboration in facilitating the development of a collection of high-quality standards.
-
Code Signing For Individual Developers
Code signing is a mechanism that lets software users trust executable code published on the internet before downloading and running it. Until now, this was practically beyond the reach of the individual developer, due to the costs and processes involved. However, some stores are now offering Thawte code-signing certificates for individual developers for $99 per year.
-
Universal Password Storage in Windows 8
Furthering its commitment to ubiquitous access, Windows 8 plans on offering universal password management. Windows 8 credential storage is intended to tie all other user names and passwords into a single account that will travel with the user, and this feature will be usable from all applications.