InfoQ Homepage Security Content on InfoQ
-
A Guide to Claim-based Identity
Microsoft patterns&practices has created a new CodePlex project entitled Claims Based Identity & Access Control Guide to introduce users to claims-based identity and to present examples on how to write applications using this new type of authentication and authorization.
-
Internet Security: an Interview with David Durham
David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.
-
Ruby on Rails Security Vulnerabilities
There has been a buzz around the Ruby on Rails community lately with discovered security vulnerabilities and subsequent updates every Rails developer should be made aware.
-
New Patterns & Practices Project – Claims Based Authentication & Authorization Guide
The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.
-
Commercial Java Compiler Protects Eclipse RCP Applications
Excelsior LLC recently released the latest version of Excelsior JET which now prevents the decompilation and unauthorized alteration of Eclipse RCP applications.
-
Microsoft Researches a Browser-based OS, Code Name Gazelle
A Microsoft Research team led by Helen J. Wang has created Gazelle (PDF), a browser-based OS, with the declared intent to tighten security when going online.
-
Morro Beta Available for the First 750,000 Registrants
Morro, the awaited security protection solution from Microsoft has been released to the general public as Microsoft Security Essentials (MSE) Beta, but only the first 750,000 registrants will be able to download it.
-
DoS Vulnerability in BigDecimal
A DoS vulnerability has been found in all Ruby 1.8.x versions, fixes are now available in 1.8.6-p369 and 1.8.7-p173. Current JRuby versions also seem to be affected.
-
memcpy() Is Going to Be Banned
The memcpy() function has been recommended to be banned and will most likely enter Microsoft’s SDL Banned list later this year. memcpy() joins the ranks of other popular functions like strcpy, strncpy, strcat, strncat which were banned due to their security vulnerability through buffer overruns.
-
Presentation: Financial Transaction Exchange at BetFair.com
Betfair is the world's largest betting exchange with a transaction volume the equivalent of over half the combined equity trading volume of every major stock exchange in the world. In response to an increase in transaction volume coupled with a decrease in value per transaction, Betfair launched a number of initiatives to dramatically increase transaction processing capacity and reduce cost.
-
MINIX 3 Promises to Be More Secure Than Windows or Linux
Andrew S. Tanenbaum, a computer science professor at the Vrije Universiteit in Amsterdam, is leading the project developing MINIX 3, an operating system meant to be more secure than Windows or Linux.
-
The Cloud Security Alliance Wants Safer Clouds
The Cloud Security Alliance (CSA) is a non profit organization meant to be an open forum promoting the exchange of information and knowledge related to security and cloud computing with the aim to create a set of best security practices for cloud vendors and consumers.
-
The State of the Internet
Akamai has released their quarterly report on the state of the Internet for Q4/2008. Akamai monitors the Internet traffic using agents installed across all continents and reports the findings on several domains: security, network and web outages, Internet penetration.
-
Critical Security Vulnerability Found in Quicksort
In what is sure to become one of the most wide-reaching security vulnerabilities yet known, a researcher with L0pht Heavy Industries has uncovered a flaw in the standard implementation of the Quicksort algorithm. InfoQ spoke with Dildog of L0pht to learn more about this vulnerability and it's ramifications.
-
MIX 09: Justin Smith on Azure Access Control Services
Justin Smith and John Shewchuck delivered an introduction to Windows Azure ACS. ACS is basically a hosted Secure Token Service that operates in a "claims in-claims out" mode. John demoed the ACS in a Web application writen in Phyton and JQuery running on Google Apps Engine. ACS supports any identity mechanism (Google, Yahoo, Facebook...) and can be invoked from any technology stack.