Security Content on InfoQ
-
Silverlight 5 Security: Designed for the Intranet
Silverlight was originally seen as a Flash killer, but Flash itself is being replaced by HTML5. It was also seen as a way of delivering cross-platform applications, but iOS made that a non-starter as well. Surprisingly, it is thriving in areas that were supposed to be the domain of WPF, such as internal business applications, and Silverlight 5’s updated security model reflects this.
-
Spring Security 3.1: Multiple http, Stateless, Debug, Crypto, HttpOnly, Custom form-login Params
SpringSource has released Spring Security 3.1.0. New features include multiple http elements, stateless option, debug element, Crypto module, HttpOnly, secure cookies, delete cookies on logout, CAS tickets, JAAS configuration, authentication-manager-ref, request-matcher-ref, authentication-details-source-ref, form-login username-parameter and password-parameter, and more.
-
IEEE’s Hans Karlsson Standards Award 2012 for Paul R. Croll
IEEE announced that the Hans Karlsson Standard Award 2012 has been given to Paul R. Croll for dedicated leadership of the IEEE Systems and Software Engineering Standards Committee, and for his diplomacy and collaboration in facilitating the development of a collection of high-quality standards.
-
Code Signing For Individual Developers
Code Signing is a mechanism for software users to trust executable code that is published on the internet before downloading and running it. Until now, this was practically beyond the reach of the individual developer, due to costs and processes involved. However, some stores are now offering Thawte code-signing certificates for individual developers for $99 per year.
-
Universal Password Storage in Windows 8
Furthering their commitment to ubiquitous access, Windows 8 plans on offering universal password management. Windows 8 credential storage is intended to tie all other usernames and passwords into a single account that will travel with the user. And this feature will be usable from all applications.
-
Integration of SABSA Security Architecture Approaches with TOGAF ADM
Security architecture has always been considered a separate discipline from enterprise architecture, which has led to piecemeal strategies and consequently increased exposure to security vulnerabilities. By integrating SABSA concepts into the TOGAF framework, architects can leverage a risk-driven enterprise architecture approach that addresses security concerns driven by business requirements.
-
Security Vulnerabilities in Amazon and Eucalyptus
A recent paper published by researchers in Germany reveals multiple security vulnerabilities in Amazon Web Services (AWS) and Eucalyptus's SOAP and web interfaces. The flaws are related to architectural choices that impact multiple users and the overall cloud security.
-
Ron Monzillo on Java Identity API and JSR 351
The Java Identity API provides a framework for representing and interacting with identity attributes in Java applications. Ron Monzillo, specification lead for JSR 351, the spec for this API, spoke at the JavaOne 2011 Conference last week about the JSR proposal scope, its current state and future plans for the specification.
-
Kernel.org Back After Security Breach
More than a month after Kernel.org's security breach was announced and the site was subsequently taken off-line, the Kernel.org website has been brought back on-line.
-
Mozilla Considers Blacklisting Java
The Mozilla Foundation has publicly considered disabling Java from running in the browser environment, thanks to recent research that indicates Java is the top of the three vectors for security exploits in the browser.
-
U.S. Government Program Seeks Alternatives to Passwords
In an effort to find viable alternatives to the false security offered by passwords, a new U.S. government program is trying to find consensus on standards with leaders of private industry. The new National Strategy for Trusted Identities in Cyberspace (NSTIC) program was formed early in 2011 with limited funding but ambitious objectives.
-
Amazon Releases Services To Lure Enterprises to the Cloud
Amazon.com formally added three new capabilities to its cloud computing portfolio with the introduction of Direct Connect and the updates to the Virtual Private Cloud and Identity and Access Management services. These offerings are targeted at organizations looking to construct hybrid or private clouds on the Amazon Web Services platform.
-
Should the Web be Encrypted?
Last week, the Electronic Frontier Foundation (EFF), in collaboration with the Tor Project, launched an official 1.0 version of HTTPS Everywhere, a tool for the Firefox web browser that helps secure web browsing by encrypting connections to more than 1,000 websites.
-
Microsoft Rejects WebGL for Security Reasons
Microsoft cites two reports analyzing security flaws in WebGL as the main reason for not endorsing a 3D graphic standard actively supported by Google, Mozilla, Opera, and Apple.
-
New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards
Security concerns remain the top inhibitor of cloud adoption, and cloud audits will alleviate some of these concerns. DMTF instituted the Cloud Audit Data Federation Work Group (CADFWG) to define specifications which will empower organizations to audit cloud-based IT resources, regardless of their chosen cloud provider.