Security Content on InfoQ
-
New Patterns & Practices Project – Claims Based Authentication & Authorization Guide
The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.
-
Commercial Java Compiler Protects Eclipse RCP Applications
Excelsior LLC recently released the latest version of Excelsior JET, which now prevents the decompilation and unauthorized alteration of Eclipse RCP applications.
-
Microsoft Researches a Browser-based OS, Code Name Gazelle
A Microsoft Research team led by Helen J. Wang has created Gazelle (PDF), a browser-based OS, with the declared intent to tighten security when going online.
-
Morro Beta Available for the First 750,000 Registrants
Morro, the awaited security protection solution from Microsoft, has been released to the general public as Microsoft Security Essentials (MSE) Beta, but only the first 750,000 registrants will be able to download it.
-
DoS Vulnerability in BigDecimal
A DoS vulnerability has been found in all Ruby 1.8.x versions; fixes are now available in 1.8.6-p369 and 1.8.7-p173. Current JRuby versions also seem to be affected.
-
memcpy() Is Going to Be Banned
The memcpy() function has been recommended to be banned and will most likely enter Microsoft’s SDL Banned list later this year. memcpy() joins the ranks of other popular functions like strcpy, strncpy, strcat and strncat, which were banned because of the buffer-overrun vulnerabilities they enable.
-
Presentation: Financial Transaction Exchange at BetFair.com
Betfair is the world's largest betting exchange with a transaction volume the equivalent of over half the combined equity trading volume of every major stock exchange in the world. In response to an increase in transaction volume coupled with a decrease in value per transaction, Betfair launched a number of initiatives to dramatically increase transaction processing capacity and reduce cost.
-
MINIX 3 Promises to Be More Secure Than Windows or Linux
Andrew S. Tanenbaum, a computer science professor at the Vrije Universiteit in Amsterdam, is leading the project developing MINIX 3, an operating system meant to be more secure than Windows or Linux.
-
The Cloud Security Alliance Wants Safer Clouds
The Cloud Security Alliance (CSA) is a non-profit organization meant to be an open forum promoting the exchange of information and knowledge related to security and cloud computing, with the aim of creating a set of best security practices for cloud vendors and consumers.
-
The State of the Internet
Akamai has released their quarterly report on the state of the Internet for Q4/2008. Akamai monitors the Internet traffic using agents installed across all continents and reports the findings on several domains: security, network and web outages, Internet penetration.
-
Critical Security Vulnerability Found in Quicksort
In what is sure to become one of the most wide-reaching security vulnerabilities yet known, a researcher with L0pht Heavy Industries has uncovered a flaw in the standard implementation of the Quicksort algorithm. InfoQ spoke with Dildog of L0pht to learn more about this vulnerability and its ramifications.
-
MIX 09: Justin Smith on Azure Access Control Services
Justin Smith and John Shewchuk delivered an introduction to Windows Azure ACS. ACS is basically a hosted Secure Token Service that operates in a "claims in-claims out" mode. John demoed the ACS in a Web application written in Python and jQuery running on Google App Engine. ACS supports any identity mechanism (Google, Yahoo, Facebook...) and can be invoked from any technology stack.
-
An MD5 Implementation for Silverlight
An implementation of the MD5 cryptographic hashing algorithm for Silverlight has been posted on MSDN by Reid Borsuk. Delay, another MSDN user, has recently posted ComputeFileHashes, a small .NET command-line application that also works on WPF and Silverlight and is helpful to compute MD5, SHA-1, and CRC-32 hashes.
-
Microsoft Released a Threat Modeling Tool
Microsoft has released SDL Threat Modeling Tool 3, a tool used to model, analyze, track and mitigate security vulnerabilities early in the application’s design process.
-
The AWS Management Console Raises Security Concerns
There has been an ongoing debate over how secure cloud computing is. Some argue that clouds are more secure than many private networks, while others consider that cloud computing may open more security holes. Some consider that Amazon’s Web-based AWS Management Console is creating more opportunities for hackers.