Security Content on InfoQ

  • 5 Security Enhancements in Chrome

    Google has added five security enhancements to Chrome in order to make browsing more secure: cross-documents message posting, Strict Transport Security, Origin and X-Frame-Options header fields, and Reflective XSS Filter. Some of these features have already been or are to be implemented by other browsers.

  • The HTML 5 sandbox Attribute Improves iFrame Security

    The Web Hypertext Application Technology Working Group (WHATWG) is working jointly with W3C on developing the HTML 5 standard, which has been at "Last Call" at WHATWG for the last 3 months. During this time, one feature that has changed more significantly is the sandbox attribute of the iframe element. The sandbox attribute can be used to prevent untrusted web page content from performing certain operations.

  • Code Access Security Is No Longer Used in .NET 4 Beta 2

    Starting with .NET Framework 1.0 Microsoft introduced Code Access Security (CAS), an instrument for assigning and controlling managed code's capabilities. .NET Framework 4.0 Beta 2 deprecates CAS, turning it off by default, and introduces Security Transparency Level 2.

  • Windows Domain to Amazon EC2 Single Sign-On Access Solutions

    David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-on (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand the benefits and tradeoffs each one presents.

  • Advice for Securing Data in Windows Azure

    In a recent MSDN article entitled Crypto Services and Data Security in Windows Azure, Jonathan Wiggs provides advice on securing data stored and processed through Windows Azure. InfoQ explored the topic in more detail to understand some of the security ramifications which come with deploying an application to the cloud.

  • A Step Toward Better Cloud Security: Searchable Encryption

    In a whitepaper entitled Cryptographic Cloud Storage, Seny Kamara and Kristin Lauter from the Microsoft Research Cryptography Group propose a "virtual private storage service" offered by public clouds using new cryptographic techniques.

  • Ruby 1.9.1 Update With Fix for Heap Overflow

    Ruby 1.9.1-p376 is out, bringing with it an important fix for a heap overflow vulnerability, among many bug fixes for the 1.9.1 line.

  • Microsoft is Dropping Code Access Security in .NET 4.0

    In .NET 4.0, Microsoft is replacing .NET’s Code Access Security (CAS) with a new security model inspired by Silverlight. Rather than complex link demands, code is categorized into three easy-to-understand levels, with partially trusted code being unable to call fully trusted code except via carefully designed gateway functions.

  • A .NET Security Vulnerability Has Affected Firefox

    A security vulnerability that has hit Internet Explorer through .NET has also hit Firefox. The culprit for Firefox, a .NET add-on, has been put on Mozilla’s blocked list.

  • A Guide to Claim-based Identity

    Microsoft patterns&practices has created a new CodePlex project entitled Claims Based Identity & Access Control Guide to introduce users to claims-based identity and to present examples on how to write applications using this new type of authentication and authorization.

  • Internet Security: an Interview with David Durham

    David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.

  • Ruby on Rails Security Vulnerabilities

    There has been a buzz around the Ruby on Rails community lately about newly discovered security vulnerabilities and the subsequent updates, which every Rails developer should be made aware of.

  • New Patterns & Practices Project – Claims Based Authentication & Authorization Guide

    The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.

  • Commercial Java Compiler Protects Eclipse RCP Applications

    Excelsior LLC recently released the latest version of Excelsior JET which now prevents the decompilation and unauthorized alteration of Eclipse RCP applications.

  • Microsoft Researches a Browser-based OS, Code Name Gazelle

    A Microsoft Research team led by Helen J. Wang has created Gazelle (PDF), a browser-based OS, with the declared intent to tighten security when going online.
