Security Content on InfoQ

  • U-Prove Offers Security while Protecting Privacy

    Microsoft has open sourced U-Prove CTP, a cryptographic technology used for performing authentication without disclosing personal information about the user. The CTP contains U-Prove Cryptographic Specification V1.0, a C# and a Java reference implementation of the specification, extensions for WIF, AD FS 2 and CardSpace 2, plus a number of whitepapers explaining the technology.

  • Top 10 Web Software Application Security Risks

    OWASP, an open and free organization focused on evaluating and improving software application security, has released the OWASP Top 10 Application Security Risks – 2010 RC1, a whitepaper documenting the top 10 web application security risks along with details on how threat agents can exploit these possible vulnerabilities, accompanied by examples and advice on what can be done to avoid them.

  • First Rails 3 Beta Released

    The first beta of Rails 3 is available. Rails 3 is a major rewrite of the codebase bringing with it stable APIs and design decisions inspired by Merb, cleaner internals, performance improvements and much more. InfoQ takes a look at the changes in Rails 3, and on which Ruby implementations it runs.

  • Google Will Stop Supporting Older Browsers

    Google has announced they will stop supporting older and less secure browsers like IE6, Firefox 2.x, Chrome 3 or Safari 2 starting with Google Docs and Google Sites editor from March 1st, 2010.

  • Silverlight 4’s COM+ Automation Raises Security and Portability Concerns

    Silverlight 4 supports COM+ Automation when running as an Out-Of-Browser (OOB) application with elevated privileges. Microsoft indicated that this support is a result of enterprise customers requesting such a feature, offering as an example Office automation from Silverlight.

  • Adobe Apologizes for Long Lasting Flash Crash Bug

    Emmy Huang, Product Manager for Adobe Flash Player, has publicly apologized for a Flash bug that resulted in browser crashes: although it was reported 17 months ago, no patch has yet been released for the production version of Flash Player.

  • 5 Security Enhancements in Chrome

    Google has added five security enhancements to Chrome in order to make browsing more secure: cross-document message posting, Strict Transport Security, Origin and X-Frame-Options header fields, and Reflective XSS Filter. Some of these features have already been or are to be implemented by other browsers.

  • The HTML 5 sandbox Attribute Improves iFrame Security

    The Web Hypertext Application Technology Working Group (WHATWG) is working jointly with W3C on developing the HTML 5 standard, which has been at "Last Call" at WHATWG for the last 3 months. During this time, one feature that has changed more significantly is the sandbox attribute of the iframe element. The sandbox attribute can be used to prevent untrusted web page content from performing certain operations.

  • Code Access Security Is No Longer Used in .NET 4 Beta 2

    Starting with .NET Framework 1.0, Microsoft introduced Code Access Security (CAS), an instrument for assigning and controlling managed code's capabilities. .NET Framework 4.0 Beta 2 deprecates CAS, turning it off by default, and introduces Security Transparency Level 2.

  • Windows Domain to Amazon EC2 Single Sign-On Access Solutions

    David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-on (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand the benefits and tradeoffs each one presents.

  • Advice for Securing Data in Windows Azure

    In a recent MSDN article entitled Crypto Services and Data Security in Windows Azure, Jonathan Wiggs provides advice on securing data stored and processed through Windows Azure. InfoQ explored the topic in more detail to understand some of the security ramifications which come with deploying an application to the cloud.

  • A Step Toward Better Cloud Security: Searchable Encryption

    In a whitepaper entitled Cryptographic Cloud Storage, Seny Kamara and Kristin Lauter from the Microsoft Research Cryptography Group propose a "virtual private storage service" offered by public clouds using new cryptographic techniques.

  • Ruby 1.9.1 Update With Fix for Heap Overflow

    Ruby 1.9.1-p376 is out, bringing with it an important fix for a heap overflow vulnerability, among many bug fixes for the 1.9.1 line.

  • Microsoft is Dropping Code Access Security in .NET 4.0

    In .NET 4.0, Microsoft is replacing .NET’s Code Access Security (CAS) with a new security model inspired by Silverlight. Rather than relying on complex link demands, code is categorized into three easy-to-understand levels, with partially trusted code being unable to call fully trusted code except via carefully designed gateway functions.

  • A .NET Security Vulnerability Has Affected Firefox

    A security vulnerability that has hit Internet Explorer through .NET has also hit Firefox. The culprit for Firefox, a .NET add-on, has been put on Mozilla’s blocked list.
