Security Content on InfoQ

  • Advice for Securing Data in Windows Azure

    In a recent MSDN article entitled Crypto Services and Data Security in Windows Azure, Jonathan Wiggs provides advice on securing data stored and processed through Windows Azure. InfoQ explored the topic in more detail to understand some of the security ramifications which come with deploying an application to the cloud.

  • A Step Toward Better Cloud Security: Searchable Encryption

    In a whitepaper entitled Cryptographic Cloud Storage, Seny Kamara and Kristin Lauter from the Microsoft Research Cryptography Group propose a "virtual private storage service" offered by public clouds using new cryptographic techniques.

  • Ruby 1.9.1 Update With Fix for Heap Overflow

    Ruby 1.9.1-p376 is out, bringing with it an important fix for a heap overflow vulnerability, among many bug fixes for the 1.9.1 line.

  • Microsoft is Dropping Code Access Security in .NET 4.0

    In .NET 4.0, Microsoft is replacing .NET’s Code Access Security (CAS) with a new security model inspired by Silverlight. Rather than relying on complex link demands, code is categorized into three easy-to-understand levels, with partially trusted code being unable to call fully trusted code except via carefully designed gateway functions.

  • A .NET Security Vulnerability Has Affected Firefox

    A security vulnerability that has hit Internet Explorer through .NET has also hit Firefox. The culprit for Firefox, a .NET add-on, has been put on Mozilla’s blocked list.

  • A Guide to Claim-based Identity

    Microsoft patterns&practices has created a new CodePlex project entitled Claims Based Identity & Access Control Guide to introduce users to claims-based identity and to present examples on how to write applications using this new type of authentication and authorization.

  • Internet Security: an Interview with David Durham

    David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.

  • Ruby on Rails Security Vulnerabilities

    There has been a buzz around the Ruby on Rails community lately about discovered security vulnerabilities and subsequent updates that every Rails developer should be made aware of.

  • New Patterns & Practices Project – Claims Based Authentication & Authorization Guide

    The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.

  • Commercial Java Compiler Protects Eclipse RCP Applications

    Excelsior LLC recently released the latest version of Excelsior JET which now prevents the decompilation and unauthorized alteration of Eclipse RCP applications.

  • Microsoft Researches a Browser-based OS, Code Name Gazelle

    A Microsoft Research team led by Helen J. Wang has created Gazelle (PDF), a browser-based OS, with the declared intent to tighten security when going online.

  • Morro Beta Available for the First 750,000 Registrants

    Morro, the awaited security protection solution from Microsoft, has been released to the general public as Microsoft Security Essentials (MSE) Beta, but only the first 750,000 registrants will be able to download it.

  • DoS Vulnerability in BigDecimal

    A DoS vulnerability has been found in all Ruby 1.8.x versions; fixes are now available in 1.8.6-p369 and 1.8.7-p173. Current JRuby versions also seem to be affected.

  • memcpy() Is Going to Be Banned

    The memcpy() function has been recommended to be banned and will most likely enter Microsoft’s SDL Banned list later this year. memcpy() joins the ranks of other popular functions like strcpy, strncpy, strcat, and strncat, which were banned due to their vulnerability to buffer overruns.

  • Presentation: Financial Transaction Exchange at BetFair.com

    Betfair is the world's largest betting exchange with a transaction volume the equivalent of over half the combined equity trading volume of every major stock exchange in the world. In response to an increase in transaction volume coupled with a decrease in value per transaction, Betfair launched a number of initiatives to dramatically increase transaction processing capacity and reduce cost.
